| Título | Song-Li cross_browser ca690f0fe6954fd9bcda36d071b68ed8682a786a SQL Injection |
|---|
| Descripción | The legacy MySQL-backed Flask application in cross_browser contains an SQL injection vulnerability in the /details endpoint implemented in flask/uniquemachine_app.py. The handler reads ID from a JSON request body and directly concatenates it into a SQL SELECT statement without parameterization or escaping. An attacker who can reach this endpoint can submit crafted input to alter the SQL query and retrieve unintended database records, and in some MySQL deployment configurations may be able to perform broader data exfiltration or blind SQL injection techniques. |
|---|
| Fuente | ⚠️ https://github.com/wing3e/public_exp/issues/24 |
|---|
| Usuario | BigW (UID 96422) |
|---|
| Sumisión | 2026-03-20 04:13 (hace 17 días) |
|---|
| Moderación | 2026-04-04 16:50 (15 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 355347 [Song-Li cross_browser hasta ca690f0fe6954fd9bcda36d071b68ed8682a786a details Endpoint uniquemachine_app.py ID inyección SQL] |
|---|
| Puntos | 20 |
|---|