Enviar #262640: cxbsoft Post-Office ≤v1.0 SQL Injectioninformación

Títulocxbsoft Post-Office ≤v1.0 SQL Injection
DescripciónThe identified vulnerability resides within the /admin/pages/update_go.php file of the Post-Office software, where the version parameter is concatenated directly into a SQL query without proper sanitization. This oversight allows an attacker to craft malicious SQL statements, such as time-based blind SQL injection, by sending a specially crafted HTTP POST request, as demonstrated by the payload that induces a deliberate delay in the database response, confirming the presence of the SQL injection vulnerability.
Fuente⚠️ https://note.zhaoj.in/share/grOgvdMgn0wg
Usuario
 glzjin (UID 59815)
Sumisión2024-01-05 04:56 (hace 2 años)
Moderación2024-01-14 17:38 (10 days later)
EstadoAceptado
Entrada de VulDB250698 [CXBSoft Post-Office 1.0 HTTP POST Request update_go.php Versión inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!