| 제목 | Taokeyun Taokeyun ≤1.0.5 SQL Injection |
|---|
| 설명 | The Taokeyun software, version 1.0.5 and below, has been identified with a SQL Injection vulnerability. This vulnerability resides in the 'Drs.php' file within the 'login' function where user input parameter 'cid' is directly concatenated into a SQL query. This insecure practice allows an attacker to manipulate the SQL query by injecting malicious payloads, such as 'or sleep(5)', leading to potential unauthorized access to sensitive data. This vulnerability has been confirmed by the bug author, glzjin, and poses a serious risk to systems running the affected versions of the software. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/0KtyJccrP3Ba |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 11. AM 08:14 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 12. PM 12:11 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 250585 [Taokeyun 까지 1.0.5 HTTP POST Request Drs.php index cid SQL 주입] |
|---|
| 포인트들 | 20 |
|---|