| タイトル | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| 説明 | The "UrlShorting" application contains a SQL Injection vulnerability in the /pages/short_to_long.php file, as identified by glzjin in versions up to and including v1.3.1. The flaw arises from the application's improper handling of the shorturl parameter, which is directly incorporated into the SQL query, thus allowing an attacker to execute arbitrary SQL commands by sending specially crafted POST requests, as exemplified by the provided malicious payload. |
|---|
| ソース | ⚠️ https://note.zhaoj.in/share/Zezf8fmoq7lk |
|---|
| ユーザー | glzjin (UID 59815) |
|---|
| 送信 | 2024年01月04日 11:49 (2 年 ago) |
|---|
| モデレーション | 2024年01月14日 17:29 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 250696 [CXBSoft Url-shorting 迄 1.3.1 HTTP POST Request /pages/short_to_long.php shorturl SQLインジェクション] |
|---|
| ポイント | 20 |
|---|