| 제목 | Shenzhen Ruiming Technology Co., Ltd. Streamax Crocus O&M Platform 1.3.44 SQL Injection |
|---|
| 설명 | A critical SQL injection vulnerability exists in the Streamax Crocus O&M Platform. The application fails to properly validate the State parameter in the DevicePrint.do component. An attacker can bypass the login requirement by providing a forged base64-encoded cookie Saffron.U="VUlEPTE=" (decodes to UID=1). This allows a remote, unauthenticated attacker to execute arbitrary SQL commands. By using time-based blind injection techniques (e.g., BENCHMARK or SLEEP), the attacker can extract sensitive system data and potentially compromise the entire database server. |
|---|
| 원천 | ⚠️ https://my.feishu.cn/docx/J8fHdY906o98pax4oCacWLTKndP?from=from_copylink |
|---|
| 사용자 | 0menc (UID 75423) |
|---|
| 제출 | 2026. 03. 11. AM 10:24 (19 날 ago) |
|---|
| 모더레이션 | 2026. 03. 27. AM 08:55 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 353833 [Shenzhen Ruiming Technology Streamax Crocus 1.3.44 Parameter DevicePrint.do?Action=ReadTask State SQL 주입] |
|---|
| 포인트들 | 20 |
|---|