| Title | CXBSoft UrlShorting ≤v1.3.1 SQL Injection |
|---|---|
| Description | The UrlShorting application, as of version v1.3.1, contains a SQL Injection vulnerability within the index.php file. Specifically, the 'url' parameter is directly concatenated into a SQL query, which allows for potential SQL Injection attacks. Attackers can exploit this by crafting malicious URL parameters, as demonstrated by the provided payload that uses a union select statement to retrieve the version of the database, indicating that the application is susceptible to SQL injection attacks. |
| Source | ⚠️ https://note.zhaoj.in/share/GdpwiaItePFq |
| User | glzjin (UID 59815) |
| Submission | 2024-01-04 11:31 (2 years ago) |
| Moderation | 2024-01-14 17:29 (10 days later) |
| Status | Accepted |
| VulDB Entry | 250694 [CXBSoft Url-shorting up to 1.3.1 index.php url SQL injection] |
| Points | 20 |