| Titel | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| Beschreibung | The identified vulnerability resides within the /admin/pages/update_go.php file of the Post-Office software, where the version parameter is concatenated directly into a SQL query without proper sanitization. This oversight allows an attacker to craft malicious SQL statements, such as time-based blind SQL injection, by sending a specially crafted HTTP POST request, as demonstrated by the payload that induces a deliberate delay in the database response, confirming the presence of the SQL injection vulnerability. |
|---|
| Quelle | ⚠️ https://note.zhaoj.in/share/grOgvdMgn0wg |
|---|
| Benutzer | glzjin (UID 59815) |
|---|
| Einreichung | 05.01.2024 04:56 (vor 2 Jahren) |
|---|
| Moderieren | 14.01.2024 17:38 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 250698 [CXBSoft Post-Office 1.0 HTTP POST Request update_go.php Version SQL Injection] |
|---|
| Punkte | 20 |
|---|