Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7188 PoC — Bylancer Quicklancer SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7188.yaml
Associated Vulnerability
Title:Bylancer Quicklancer SQL注入漏洞 (CVE-2024-7188)
Description:Bylancer Quicklancer是Bylancer公司的一个自由职业者平台。 Bylancer Quicklancer 2.4版本存在SQL注入漏洞,该漏洞源于组件GET Parameter Handler的参数range2会导致SQL注入。
Description
A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.
File Snapshot

 id: CVE-2024-7188

info:
  name: Bylancer Quicklancer 2.4 G - SQL Injection
  author: s4e-io
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.