| Название | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| Описание | The identified vulnerability resides within the /admin/pages/update_go.php file of the Post-Office software, where the version parameter is concatenated directly into a SQL query without proper sanitization. This oversight allows an attacker to craft malicious SQL statements, such as time-based blind SQL injection, by sending a specially crafted HTTP POST request, as demonstrated by the payload that induces a deliberate delay in the database response, confirming the presence of the SQL injection vulnerability. |
|---|
| Источник | ⚠️ https://note.zhaoj.in/share/grOgvdMgn0wg |
|---|
| Пользователь | glzjin (UID 59815) |
|---|
| Представление | 05.01.2024 04:56 (2 лет назад) |
|---|
| Модерация | 14.01.2024 17:38 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 250698 [CXBSoft Post-Office 1.0 HTTP POST Request update_go.php Версия SQL-инъекция] |
|---|
| Баллы | 20 |
|---|