HumHub 0.11.2 and 0.20.0-beta.2 - SQL 注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 寻找SQL注入的一般步骤:</br> 1、寻找数据输入(表单)</br> 2、注入数据</br> 3、检测异常响应,像HTTP的500错误,SQL报错</br> 该过程可以借助多种工具实现自动化。</br> ![](https://images.seebug.org/contribute/69a17988-d71b-433b-9083-35686cf6d224-1.png) </br> 用AWVS检测出 /index.php 可能存在SQL注入。</br> ### 以下地址会报SQL错误,from 字段是注入点:</br> ``` http://localhost/index.php?from=1'"&limit=10&mode=activity&r=space/space/stream&sguid=e9659cfc-886f-4524-94ae-1721999ad43b ``` ``` http://localhost/index.php?1=/space/space/stream&filters=&from=1'%22&limit=4&mode=normal&r=space/space/stream&sguid=e9659cfc-886f-4524-94ae-1721999ad43b&sort=c ``` ``` http://localhost/index.php?1=//user/profile/stream&filters=&from=1'%22&limit=4&mode=normal&r=user/profile/stream&sort=c&uguid=264c3e7d-25f1-4e2f-9ea0-e62cf29c684c ``` ``` http://localhost/index.php?r=directory%2Fdirectory%2Fstream&limit=4&filters=entry_mine,&sort=u&from=6_&mode=normal ``` ![](https://images.seebug.org/contribute/c7cdb867-95ac-4e31-8593-1d6f1d8ea66b-2.png)</br> ### 由此可以很方便的使用sqlmap进行盲注。</br> ``` sqlmap -u...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息