提交 #495413: Pihome-SHC Pihome 1.77 SQL Injection信息

标题Pihome-SHC Pihome 1.77 SQL Injection
描述In the Pihome v 1.77 - there is a SQLi in the ajax.php controller. The web application is vulnerable to SQL Injection attacks within ajax modal functionality. Attackers can exploit this vulnerability by injecting malicious input into the "id" parameter, which is used to edit values in the `mqtt` table. To exploit the SQL injection vulnerability, attackers craft a payload containing malicious input and inject it into the "id" parameter. For example, submitting the payload `(sleep(20))--` triggers 20 seconds delay in the request. This demonstrates the successful execution of the injection within the application.
来源⚠️ https://www.singto.io/pocsforexploits/pihome_sqli_ajax.md
用户 Jelle Janssens (UID 81048)
提交2025-02-05 15時25分 (1 年前)
管理2025-02-10 12時09分 (5 days later)
状态已接受
VulDB条目295088 [pihome-shc PiHome 1.77 ajax.php?Ajax=GetModal_MQTTEdit 标识符 SQL注入]
积分20

Want to know what is going to be exploited?

We predict KEV entries!