Hoq to practically apply CVE-2017-16510?

Home Forums Hoq to practically apply CVE-2017-16510?

This topic contains 0 replies, has 1 voice, and was last updated by  BrianMiz 3 weeks, 5 days ago.

  • Author
    Posts
  • #136458

    BrianMiz
    Member

    I am running some sites and set one up deliberatley with a vulnerable wordpress version to test some vulnrabilities.

    ​

    Since it is below version 4.8.3, it is vulnerable to an SQLi via [CVE-2017-16510](https://www.cvedetails.com/cve/CVE-2017-16510/). I understand how it exploits a “double prepare” method in PHP which doesn’t properly sanatize inputs. [Security Focus]([https://www.securityfocus.com/bid/101638/discuss](https://www.securityfocus.com/bid/101638/discuss)) says the exploit can be performed in a browser.

    ​

    What would the actual process for this exploit be? I tried adding `’` to some urls in an attempt to get an SQL error, but no luck. I am looking to test it from an attackers point of view, to see how the vuln works

You must be logged in to reply to this topic.