MateusTesser / CVE-2023-31717


CVE-2023-31717

The id parameter, passed as JSON in the body of an HTTP POST request, is vulnerable to SQL injection, which makes it possible to extract confidential information from the SQLite database.

Payload -> "id":"n_7c734712-aabf4eb3' AND 2630=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2)))) AND 'MIZH'='MIZH"

Affected product: FUXA

Version affected: <= 1.1.12

Problem: SQL Injection

Description: The id parameter, passed as JSON in the body of an HTTP POST request, is vulnerable to SQL injection, which makes it possible to extract confidential information from the SQLite database.
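The following is an added example, not FUXA's code and not part of the original advisory. It shows why an id pasted into SQL text is injectable and how allow-listing plus parameter binding neutralises the payload quoted above. The table, column and function names and the id pattern are assumptions, and Python's standard-library sqlite3 is used only to keep the example self-contained (FUXA itself is a Node.js application).

```python
import json
import re
import sqlite3

# Payload quoted on this page, used only as test input.
PAGE_PAYLOAD = ("n_7c734712-aabf4eb3' AND 2630=LIKE(CHAR(65,66,67,68,69,70,71),"
                "UPPER(HEX(RANDOMBLOB(500000000/2)))) AND 'MIZH'='MIZH")

# Assumed id shape, inferred from the "n_7c734712-aabf4eb3" prefix in the payload.
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def make_db():
    """In-memory database with a hypothetical table (not FUXA's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, value TEXT)")
    db.execute("INSERT INTO items VALUES ('n_7c734712-aabf4eb3', 'constructed row')")
    return db


def build_query_unsafe(item_id):
    """Vulnerable pattern: the id is pasted into the SQL text. Built, never executed."""
    return "SELECT value FROM items WHERE id = '" + item_id + "'"


def lookup_bound_only(db, item_id):
    """Binding alone: the whole payload is compared as plain text, never parsed as SQL."""
    return db.execute("SELECT value FROM items WHERE id = ?", (item_id,)).fetchall()


def lookup_safe(db, body):
    """Hardened pattern: allow-list the id from the JSON body, then bind it."""
    item_id = json.loads(body).get("id")
    if not isinstance(item_id, str) or not ID_RE.fullmatch(item_id):
        raise ValueError("invalid id")
    return lookup_bound_only(db, item_id)
```

In the string built by build_query_unsafe, the quote after the id closes the literal early, so everything after it becomes part of the WHERE clause; with a bound parameter, the same input matches no row and no function in it is evaluated.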
