제출 #128: Xinet Elegant 6 Asset Library Web Interface v6.1.655 Pre-Auth SQL Injection정보

제목Xinet Elegant 6 Asset Library Web Interface v6.1.655 Pre-Auth SQL Injection
설명Description: NAPC Xinet (interface) Elegant 6 Asset Library v6.1.655 allows Pre-Authentication Error based SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. The vulnerable version seems to be old, but it may still be possible to still find it deployed as I have. Vulnerable Parameter: LoginForm[username] (POST) Method. Author: John Page (aka hyp3rlinx) Date: 2019-11-30 CVE: CVE-2019-19245 Video: https://www.youtube.com/watch?v=mdw_sPlshmI
원천⚠️ http://hyp3rlinx.altervista.org/advisories/NAPC-XINET-ELEGANT-6-ASSET-LIBRARY-WEB-INTERFACE-PRE-AUTH-SQL-INJECTION.txt
사용자
 misc (UID 3)
제출2019. 12. 01. AM 08:31 (6 연령 ago)
모더레이션2019. 12. 08. PM 06:00 (7 days later)
상태수락
VulDB 항목146495 [NAPC Xinet Elegant 6 Asset Library 6.1.655 SQL 주입]
포인트들20

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!