| tiêu đề | Taokeyun Taokeyun ≤1.0.5 SQL Injection |
|---|
| Mô tả | The application "Taokeyun" version ≤1.0.5, developed by Taokeyun.cn, has a SQL Injection vulnerability in the file "application/index/controller/app/store/Goods.php". The function "shopGoods" does not properly sanitize the 'keyword' input parameter, allowing arbitrary SQL commands to be executed. This flaw can be exploited by an attacker to manipulate SQL queries, potentially leading to data leakage, data corruption, or even full system compromise. The vulnerability can be confirmed by sending a maliciously crafted request containing the SQL command 'sleep(5)', which causes a delay in the response if the SQL Injection point is present. |
|---|
| Nguồn | ⚠️ https://note.zhaoj.in/share/TKWDqowIoLqs |
|---|
| Người dùng | glzjin (UID 59815) |
|---|
| Đệ trình | 11/01/2024 08:52 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 12/01/2024 12:11 (1 day later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 250586 [Taokeyun đến 1.0.5 HTTP POST Request Goods.php shopGoods keyword Tiêm SQL] |
|---|
| điểm | 20 |
|---|