Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-9796 PoC — WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

Source
https://github.com/BwithE/CVE-2024-9796
Associated Vulnerability
Title:WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection (CVE-2024-9796)
Description:The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Description
CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection. Poc.
Readme
# CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

## Description
The PoC SQL injection will dump WordPress users and hashes.

## Disclaimer:
This script is for educational use only. 

Do not use it for illegal purposes. 

If you do, it’s entirely your responsibility; I am not liable for any misuse.

## More information on the exploit
https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/

## Usage:
```
# Successful attempt
python3 poc.py -i 127.0.0.1
[!] 127.0.0.1 has been PWNed!
admin:$P$H5blBNpO5AVI7eDJJi95E6pso16h981
user:$P$H1Sa1pcnzwWha3G9XH5rkfB6wOcE2a1

# unsuccessful attempt
python3 poc.py -i 127.0.0.1
[!] Doesn't look vulnerable..
```
File Snapshot

 [4.0K]  /data/pocs/f315074841952d2f17ed7cd0f2f52ced40d8c4e2
├── [1.4K]  poc.py
└── [ 698]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →