CVE-2021-27946 MyBB民意調查中投票數量SQL注入漏洞

From PwnWiki

Revision as of 10:31, 21 March 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> <pre> < 1.8.26 </pre> <translate> ==漏洞利用== </translate> <translate> 首先創建一個帖子： </translate...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎español • ‎中文（台灣）‎

影響版本

< 1.8.26

漏洞利用

首先創建一個帖子：

接著設置投票:

編輯投票(右下角)

插入payload：（這裡採用延時注入驗證漏洞）

1' and sleep(10) and '

拉到最下面的Moderation Options，選擇move / copy thread

點擊move/copy thread按鈕，抓包分析,發現成功延時，驗證成功

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-27946_MyBB民意調查中投票數量SQL注入漏洞&oldid=519"