| عنوان | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| الوصف | The "UrlShorting" application contains a SQL Injection vulnerability in the /pages/short_to_long.php file, as identified by glzjin in versions up to and including v1.3.1. The flaw arises from the application's improper handling of the shorturl parameter, which is directly incorporated into the SQL query, thus allowing an attacker to execute arbitrary SQL commands by sending specially crafted POST requests, as exemplified by the provided malicious payload. |
|---|
| المصدر | ⚠️ https://note.zhaoj.in/share/Zezf8fmoq7lk |
|---|
| المستخدم | glzjin (UID 59815) |
|---|
| ارسال | 04/01/2024 11:49 AM (2 سنوات منذ) |
|---|
| الاعتدال | 14/01/2024 05:29 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 250696 [CXBSoft Url-shorting حتى 1.3.1 HTTP POST Request /pages/short_to_long.php shorturl حقن SQL] |
|---|
| النقاط | 20 |
|---|