| Title | Cxbsoft UrlShorting ≤v1.3.1 SQL Injection |
|---|
| Description | The "UrlShorting" application contains a SQL Injection vulnerability in the /pages/short_to_long.php file, as identified by glzjin in versions up to and including v1.3.1. The flaw arises from the application's improper handling of the shorturl parameter, which is directly incorporated into the SQL query, thus allowing an attacker to execute arbitrary SQL commands by sending specially crafted POST requests, as exemplified by the provided malicious payload. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/Zezf8fmoq7lk |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/04/2024 11:49 (2 years ago) |
|---|
| Moderation | 01/14/2024 17:29 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 250696 [CXBSoft Url-shorting up to 1.3.1 HTTP POST Request /pages/short_to_long.php shorturl sql injection] |
|---|
| Points | 20 |
|---|