Submit #262346: Cxbsoft UrlShorting ≤v1.3.1 SQL Injection

Title: Cxbsoft UrlShorting ≤v1.3.1 SQL Injection
Description: The URL shortening application "UrlShorting" is vulnerable to SQL Injection due to the insecure handling of user input in the `long_s_short.php` page. Specifically, the `longurl` parameter is concatenated directly into an SQL query without proper sanitization or prepared statements. This vulnerability, found by the researcher glzjin in versions up to and including 1.3.1, allows an attacker to manipulate the SQL query and potentially access or alter the database by sending a crafted request, as demonstrated by the provided POST request example.
Source: ⚠️ https://note.zhaoj.in/share/9tjcunCPidgI
User: glzjin (UID 59815)
Submission: 2024-01-04 11:43 (2 years ago)
Moderation: 2024-01-14 17:29 (10 days later)
Status: Accepted
VulDB entry: 250695 [CXBSoft Url-shorting up to 1.3.1 HTTP POST Request /pages/long_s_short.php longurl SQL injection]
Points: 20