Отправить #495413: Pihome-SHC Pihome 1.77 SQL InjectionИнформация

НазваниеPihome-SHC Pihome 1.77 SQL Injection
ОписаниеIn the Pihome v 1.77 - there is a SQLi in the ajax.php controller. The web application is vulnerable to SQL Injection attacks within ajax modal functionality. Attackers can exploit this vulnerability by injecting malicious input into the "id" parameter, which is used to edit values in the `mqtt` table. To exploit the SQL injection vulnerability, attackers craft a payload containing malicious input and inject it into the "id" parameter. For example, submitting the payload `(sleep(20))--` triggers 20 seconds delay in the request. This demonstrates the successful execution of the injection within the application.
Источник⚠️ https://www.singto.io/pocsforexploits/pihome_sqli_ajax.md
Пользователь Jelle Janssens (UID 81048)
Представление05.02.2025 15:25 (1 Год назад)
Модерация10.02.2025 12:09 (5 days later)
Статуспринято
Запись VulDB295088 [pihome-shc PiHome 1.77 ajax.php?Ajax=GetModal_MQTTEdit ИД SQL-инъекция]
Баллы20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!