Enviar #567290: LyLme lylme_spage 2.1 SQL Injectioninformación

TítuloLyLme lylme_spage 2.1 SQL Injection
DescripciónA time-based blind SQL injection vulnerability exists in the lylme_spage project due to improper handling of the sort parameter in an SQL INSERT statement. The parameter is directly concatenated into the SQL query without sanitization or parameterization. This allows an unauthenticated attacker to inject malicious SQL payloads that can delay server responses based on conditional logic, confirming the vulnerability. A crafted payload using the sleep() function can be used to extract information from the database (e.g., current user), one character at a time.
Fuente⚠️ https://github.com/yanbeiii/Proof-of-Concept/blob/main/lylme-sqli.md
Usuario
 yanbei (UID 84800)
Sumisión2025-04-29 17:07 (hace 1 Año)
Moderación2025-05-10 15:56 (11 days later)
EstadoAceptado
Entrada de VulDB308289 [LyLme Spage 2.1 ajax_link.php sort inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!