| 제목 | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| 설명 | The URL shortening application "UrlShorting" is vulnerable to SQL Injection due to the insecure handling of user input in the `long_s_short.php` page. Specifically, the `longurl` parameter is concatenated directly into an SQL query without proper sanitization or prepared statements. This vulnerability, found by the researcher glzjin in versions up to and including 1.3.1, allows an attacker to manipulate the SQL query and potentially access or alter the database by sending a crafted request, as demonstrated by the provided POST request example. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/9tjcunCPidgI |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 04. AM 11:43 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 14. PM 05:29 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 250695 [CXBSoft Url-shorting 까지 1.3.1 HTTP POST Request /pages/long_s_short.php longurl SQL 주입] |
|---|
| 포인트들 | 20 |
|---|