https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-27948_MyBB%E5%BE%8C%E5%8F%B0%E7%94%A8%E6%88%B6%E7%AE%A1%E7%90%86%E7%94%A8%E6%88%B6%E7%B5%84SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%2Fzh-tw
CVE-2021-27948 MyBB後台用戶管理用戶組SQL注入漏洞/zh-tw - Revision history
2026-04-09T20:23:52Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-27948_MyBB%E5%BE%8C%E5%8F%B0%E7%94%A8%E6%88%B6%E7%AE%A1%E7%90%86%E7%94%A8%E6%88%B6%E7%B5%84SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E/zh-tw&diff=5832&oldid=prev
Pwnwiki: Created page with "==漏洞利用=="
2021-06-24T02:31:28Z
<p>Created page with "==漏洞利用=="</p>
<p><b>New page</b></p><div><languages /><br />
<br />
==影響版本==<br />
<br />
<pre><br />
< 1.8.26<br />
</pre><br />
<br />
==漏洞利用==<br />
<br />
先隨便創個用戶組,接著新建一個用戶,並設置他的用戶組;<br />
<br />
在profile中選擇組;<br />
<br />
點擊保存抓包分析;<br />
<br />
修改addtionalgroups參數為sql注入payload:<br />
<pre><br />
1‘ and sleep(10) and '<br />
</pre><br />
<br />
選擇banning模塊,並選擇我們剛剛設置的用戶;<br />
<br />
點擊“Ban user”,抓包分析;<br />
<br />
可以看到成功延時。</div>
Pwnwiki