जमा करें #777534: Shenzhen Ruiming Technology Co., Ltd. Streamax Crocus O&M Platform 1.3.44 SQL Injectionजानकारी

शीर्षकShenzhen Ruiming Technology Co., Ltd. Streamax Crocus O&M Platform 1.3.44 SQL Injection
विवरणA critical SQL injection vulnerability exists in the Streamax Crocus O&M Platform. The application fails to properly validate the State parameter in the DevicePrint.do component. An attacker can bypass the login requirement by providing a forged base64-encoded cookie Saffron.U="VUlEPTE=" (decodes to UID=1). This allows a remote, unauthenticated attacker to execute arbitrary SQL commands. By using time-based blind injection techniques (e.g., BENCHMARK or SLEEP), the attacker can extract sensitive system data and potentially compromise the entire database server.
स्रोत⚠️ https://my.feishu.cn/docx/J8fHdY906o98pax4oCacWLTKndP?from=from_copylink
उपयोगकर्ता
 0menc (UID 75423)
सबमिशन11/03/2026 10:24 AM (4 महीनों पहले)
संयम27/03/2026 08:55 AM (16 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि353833 [Shenzhen Ruiming Technology Streamax Crocus 1.3.44 Parameter DevicePrint.do?Action=ReadTask State SQL इंजेक्शन]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!