| 제목 | Serdar Bayram ghost v1 SQL Injection |
|---|
| 설명 | An SQL injection vulnerability exists in Auth.php of the Ghost Hot Spot v1 application (distributed in ghost.tar) (https://www.serdarbayram.net/download/ghost.tar). The login handler concatenates unsanitized username/password input into SQL queries, enabling unauthenticated attackers to perform time-based and error-based injection to enumerate and exfiltrate database contents (e.g., credentials stored in ghost_users). |
|---|
| 원천 | ⚠️ https://drive.proton.me/urls/BKHV097YXC#sQCrH9wl3fqC |
|---|
| 사용자 | rwetgi (UID 91600) |
|---|
| 제출 | 2025. 10. 14. AM 12:06 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 27. PM 01:52 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 330128 [Serdar Bayram Ghost Hot Spot 까지 20251014 Login /Auth.php SQL 주입] |
|---|
| 포인트들 | 20 |
|---|