제출 #495413: Pihome-SHC Pihome 1.77 SQL Injection정보

제목Pihome-SHC Pihome 1.77 SQL Injection
설명In the Pihome v 1.77 - there is a SQLi in the ajax.php controller. The web application is vulnerable to SQL Injection attacks within ajax modal functionality. Attackers can exploit this vulnerability by injecting malicious input into the "id" parameter, which is used to edit values in the `mqtt` table. To exploit the SQL injection vulnerability, attackers craft a payload containing malicious input and inject it into the "id" parameter. For example, submitting the payload `(sleep(20))--` triggers 20 seconds delay in the request. This demonstrates the successful execution of the injection within the application.
원천⚠️ https://www.singto.io/pocsforexploits/pihome_sqli_ajax.md
사용자 Jelle Janssens (UID 81048)
제출2025. 02. 05. PM 03:25 (1 년도 ago)
모더레이션2025. 02. 10. PM 12:09 (5 days later)
상태수락
VulDB 항목295088 [pihome-shc PiHome 1.77 ajax.php?Ajax=GetModal_MQTTEdit 아이디 SQL 주입]
포인트들20

Do you know our Splunk app?

Download it now for free!