| Title | cxbsoft Post-Office <=1.0 SQL Injection |
|---|---|
| Description | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within the /apps/reg_go.php file. The flaw was discovered by security researcher glzjin, who noted that the 'username_reg' parameter is improperly handled and directly concatenated into a SQL query, allowing for malicious SQL commands to be executed. By crafting a specially designed HTTP POST request, an attacker can exploit this vulnerability to manipulate the database, as demonstrated by the payload which induces a 5-second sleep, confirming the SQL injection point. The details of this vulnerability, including proof of concept, have been made available by the researcher on various platforms including the official software repository on GitHub and community forums. |
| Source | https://note.zhaoj.in/share/HUxa372VNwad |
| User | glzjin (UID 59815) |
| Submitted | 2024-01-05 06:03 AM (2 years ago) |
| Moderation | 2024-01-14 05:38 PM (9 days later) |
| Status | Accepted |
| VulDB Entry | 250700 [CXBSoft Post-Office up to 1.0 HTTP POST Request /apps/reg_go.php username_reg SQL injection] |
| Points | 20 |