| Название | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| Описание | The "UrlShorting" application contains a SQL Injection vulnerability in the /pages/short_to_long.php file, as identified by glzjin in versions up to and including v1.3.1. The flaw arises from the application's improper handling of the shorturl parameter, which is directly incorporated into the SQL query, thus allowing an attacker to execute arbitrary SQL commands by sending specially crafted POST requests, as exemplified by the provided malicious payload. |
|---|
| Источник | ⚠️ https://note.zhaoj.in/share/Zezf8fmoq7lk |
|---|
| Пользователь | glzjin (UID 59815) |
|---|
| Представление | 04.01.2024 11:49 (2 лет назад) |
|---|
| Модерация | 14.01.2024 17:29 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 250696 [CXBSoft Url-shorting до 1.3.1 HTTP POST Request /pages/short_to_long.php shorturl SQL-инъекция] |
|---|
| Баллы | 20 |
|---|