| タイトル | Taokeyun Taokeyun ≤1.0.5 SQL Injection |
|---|
| 説明 | The Taokeyun software, version 1.0.5 and below, has been identified with a SQL Injection vulnerability. This vulnerability resides in the 'Drs.php' file within the 'login' function where user input parameter 'cid' is directly concatenated into a SQL query. This insecure practice allows an attacker to manipulate the SQL query by injecting malicious payloads, such as 'or sleep(5)', leading to potential unauthorized access to sensitive data. This vulnerability has been confirmed by the bug author, glzjin, and poses a serious risk to systems running the affected versions of the software. |
|---|
| ソース | ⚠️ https://note.zhaoj.in/share/0KtyJccrP3Ba |
|---|
| ユーザー | glzjin (UID 59815) |
|---|
| 送信 | 2024年01月11日 08:14 (2 年 ago) |
|---|
| モデレーション | 2024年01月12日 12:11 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 250585 [Taokeyun 迄 1.0.5 HTTP POST Request Drs.php index cid SQLインジェクション] |
|---|
| ポイント | 20 |
|---|