CVE-2021-32789 PoC: Arbitrary SQL (SQL injection) possible via the Store API component.

Associated Vulnerability
Title: Arbitrary SQL (SQL injection) possible via the Store API component. (CVE-2021-32789)
Description: woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read-only SQL query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.
Description
💣 WordPress WooCommerce users dump exploit
Readme
# 💣 CVE-2021-32789
WordPress WooCommerce users dump exploit

### Dump admin user
```
woo -u http://example.com
```

### Dump all users
```
woo -u http://example.com -dump
```
File Snapshot

[4.0K] /data/pocs/1cd2be1ad5fbfc72d2c18f3831a647ad687be3d7
├── [3.0K] main.go
└── [ 177] README.md

0 directories, 2 files