Difference between revisions of "CVE-2021-27946 MyBB民意調查中投票數量SQL注入漏洞"
From PwnWiki
(Marked this version for translation) |
m |
||
| Line 9: | Line 9: | ||
<translate> | <translate> | ||
| + | <html> | ||
| + | |||
==漏洞利用== <!--T:2--> | ==漏洞利用== <!--T:2--> | ||
</translate> | </translate> | ||
Latest revision as of 19:10, 19 June 2021
影響版本
< 1.8.26
<html>
漏洞利用
首先創建一個帖子:
接著設置投票:
編輯投票(右下角)
插入payload:(這裡採用延時注入驗證漏洞)
1' and sleep(10) and '
拉到最下面的Moderation Options,選擇move / copy thread
點擊move/copy thread按鈕,抓包分析,發現成功延時,驗證成功
