| عنوان | Xinet Elegant 6 Asset Library Web Interface v6.1.655 Pre-Auth SQL Injection |
|---|
| الوصف | Description: NAPC Xinet (interface) Elegant 6 Asset Library v6.1.655 allows Pre-Authentication Error based SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. The vulnerable version seems to be old, but it may still be possible to still find it deployed as I have. Vulnerable Parameter: LoginForm[username] (POST) Method.
Author: John Page (aka hyp3rlinx)
Date: 2019-11-30
CVE: CVE-2019-19245
Video: https://www.youtube.com/watch?v=mdw_sPlshmI
|
|---|
| المصدر | ⚠️ http://hyp3rlinx.altervista.org/advisories/NAPC-XINET-ELEGANT-6-ASSET-LIBRARY-WEB-INTERFACE-PRE-AUTH-SQL-INJECTION.txt |
|---|
| المستخدم | misc (UID 3) |
|---|
| ارسال | 01/12/2019 08:31 AM (7 سنوات منذ) |
|---|
| الاعتدال | 08/12/2019 06:00 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 146495 [NAPC Xinet Elegant 6 Asset Library 6.1.655 حقن SQL] |
|---|
| النقاط | 20 |
|---|