In the middle of time I was looking for another CVE with a bug described as SQL Injection. Below you will find more details about it.
I found the information about the vulnerability here. Below you can also find it on the screen:
This time we will check CVE-2017-8377.
As you can see I tried to write proof of concept for version 1.0.1:
Advisory is talking about 1.0.2 but it looks like the poc will work also for other version:
Of course you can change the payload to extract something else. Below example for the user():
Poc is available on my github. In case of any questions, feel free to mail me or find me @twitter.
Cheers
Brak komentarzy:
Prześlij komentarz