Submeter #262640: cxbsoft Post-Office ≤v1.0 SQL Injectioninformação

Títulocxbsoft Post-Office ≤v1.0 SQL Injection
DescriçãoThe identified vulnerability resides within the /admin/pages/update_go.php file of the Post-Office software, where the version parameter is concatenated directly into a SQL query without proper sanitization. This oversight allows an attacker to craft malicious SQL statements, such as time-based blind SQL injection, by sending a specially crafted HTTP POST request, as demonstrated by the payload that induces a deliberate delay in the database response, confirming the presence of the SQL injection vulnerability.
Fonte⚠️ https://note.zhaoj.in/share/grOgvdMgn0wg
Utilizador
 glzjin (UID 59815)
Submissão05/01/2024 04h56 (há 2 anos)
Moderação14/01/2024 17h38 (10 days later)
EstadoAceite
Entrada VulDB250698 [CXBSoft Post-Office 1.0 HTTP POST Request update_go.php Versão Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!