Title | CXBSoft UrlShorting ≤v1.3.1 SQL Injection |
---|
Description | The UrlShorting application, as of version v1.3.1, contains a SQL Injection vulnerability within the index.php file. Specifically, the 'url' parameter is directly concatenated into a SQL query, which allows for potential SQL Injection attacks. Attackers can exploit this by crafting malicious URL parameters, as demonstrated by the provided payload that uses a union select statement to retrieve the version of the database, indicating that the application is susceptible to SQL injection attacks. |
---|
Source | ⚠️ https://note.zhaoj.in/share/GdpwiaItePFq |
---|
User | glzjin (ID 59815) |
---|
Submission | 04/01/2024 11:31 (9 months ago) |
---|
Moderation | 14/01/2024 17:29 (10 days later) |
---|
Status | Accepté |
---|
VulDB Entry | 250694 |
---|
Points | 20 |
---|