Awesome

CVE-2022-31101

Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)

Usage

python3 cve-2022-31101.py
Give the url to the wishlist when prompted. Example of a url: http://example.com/module/blockwishlist/view?id_wishlist=1
Give the cookies for your account when prompted.
Now it will start attacking the website.

In action

cve-2022-31101

Note

This exploit assumes the prefix for the table names in the database to be ps_. It is the default prefix given by PrestaShop.