CVE-2021-27946 MyBB民意調查中投票數量SQL注入漏洞

From PwnWiki

Revision as of 19:10, 19 June 2021 by K (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎español • ‎中文（台灣）‎

影響版本

< 1.8.26

<html>

漏洞利用

首先創建一個帖子：

接著設置投票:

編輯投票(右下角)

插入payload：（這裡採用延時注入驗證漏洞）

1' and sleep(10) and '

拉到最下面的Moderation Options，選擇move / copy thread

點擊move/copy thread按鈕，抓包分析,發現成功延時，驗證成功

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-27946_MyBB民意調查中投票數量SQL注入漏洞&oldid=5375"