ENGAGE - Oh no! Something went wrong.
2025-1-9 23:59:12 Author: github.com

Summary

A vulnerability was found in the Engage platform: an internal server error message exposes sensitive information about the servers, including an SQL table, which could lead to SQL injection.

Severity

Low - This vulnerability discloses partial information that is not immediately exploitable.

Proof of Concept

  • Go to https://www.letsengage.com/google-form
  • Fill in the form, entering text with some strange string encoding (I don’t exactly know what; looking at the error, something that latin1_swedish_ci cannot represent) in one of the input fields (I don’t know which one).
  • Go to the end of the form by filling in all the inputs.
  • Click submit.
  • Get the error message.
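
The leak pattern described above, next to a handler that keeps database detail server-side, as an added example that is not code from the advisory or from the Engage platform. The `DbError` class, the `form_answers` table, the error text and the handler names are all hypothetical, and the latin-1 encode check is only a stand-in for a latin1 column rejecting input.

```python
import logging
import uuid

log = logging.getLogger("form")

class DbError(Exception):
    """Stand-in for a database driver exception (hypothetical)."""

def insert_answer(text):
    # Simulates a latin1 column rejecting text it cannot represent.
    try:
        text.encode("latin-1")
    except UnicodeEncodeError as exc:
        # Constructed message, not the one from the report;
        # the table and column names are hypothetical.
        raise DbError(
            "INSERT INTO form_answers(answer) failed for collation "
            f"latin1_swedish_ci: {exc.reason}"
        ) from exc
    return "stored"

def handle_verbose(text):
    """Leaky pattern: the raw driver error is returned to the client."""
    try:
        return 200, insert_answer(text)
    except DbError as exc:
        return 500, str(exc)

def handle_hardened(text, store=insert_answer):
    """Reject unrepresentable input early; never echo driver errors."""
    try:
        text.encode("latin-1")
    except UnicodeEncodeError:
        return 400, "One of the fields contains unsupported characters."
    try:
        return 200, store(text)
    except DbError:
        # Full detail goes to the server log, keyed by a reference id
        # that support staff can look up; the client sees only the id.
        incident = uuid.uuid4().hex
        log.exception("form submit failed incident=%s", incident)
        return 500, f"Something went wrong. Reference: {incident}"
```
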

Timeline

Date reported: 09/20/2024
Date fixed:
Date disclosed: 1/10/2025


Article source: https://github.com/google/security-research/security/advisories/GHSA-24w6-q4hq-mjfr