| 제목 | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| 설명 | The "UrlShorting" application contains a SQL Injection vulnerability in the /pages/short_to_long.php file, as identified by glzjin in versions up to and including v1.3.1. The flaw arises from the application's improper handling of the shorturl parameter, which is directly incorporated into the SQL query, thus allowing an attacker to execute arbitrary SQL commands by sending specially crafted POST requests, as exemplified by the provided malicious payload. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/Zezf8fmoq7lk |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 04. AM 11:49 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 14. PM 05:29 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 250696 [CXBSoft Url-shorting 까지 1.3.1 HTTP POST Request /pages/short_to_long.php shorturl SQL 주입] |
|---|
| 포인트들 | 20 |
|---|