CVE-2021-24507 PoC — WordPress SQL注入漏洞

Source

https://github.com/RandomRobbieBF/CVE-2021-24507

Associated Vulnerability

Title:WordPress SQL注入漏洞 (CVE-2021-24507)
Description:WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress Plugin Astra Pro Addon 存在SQL注入漏洞，该漏洞源于Astra Pro Addon 在SQL语句中使用 astra_pagination_infinite 和 astra_shop_pagination_infinite 传入的POST参数时没有经过正确的清理或转义，导致SQL注入问题。

Description

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507

Readme

# CVE-2021-24507
Astra Pro Addon &lt; 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507

File Snapshot


 [4.0K]  /data/pocs/cb38cd156588044ab5e4dfd437cdd575706be636
├── [3.0K]  astro.py
└── [  93]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!