제출 #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection정보

제목Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
설명In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending a empty value as String in the Access parameter, we can get a respone with a SQL error. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413 POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
원천⚠️ https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
사용자
 EthicalHCOP (UID 4258)
제출2021. 08. 24. AM 10:24 (5 연령 ago)
모더레이션2021. 08. 24. AM 11:05 (41 minutes later)
상태중복
VulDB 항목167047 [MantisBT 까지 2.24.3 API SOAP mc_project_get_users 접근 SQL 주입]
포인트들0

Interested in the pricing of exploits?

See the underground prices here!