{"uuid": "0ae765c2-c058-4047-9f62-a986a34f6258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44026", "type": "published-proof-of-concept", "source": "https://t.me/HackingPublicoficial/406", "content": "Please tell me about SQL Injection\ud83d\ude14\n\n I sit all day and cannot understand\n\n Here is the vulnerability\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026\n\n In version 1.4.11\n This is where the developers change the code and close the vulnerability for version 1.4.12\n https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1\n\n We see that all files end with .inc\n\n For example this file\n program/steps/addressbook/search.inc\n\n The vulnerability suggests that the request needs to be inserted into the search or search_params parameters\n\n Code:\n $_SESSION['search'][$search_request] = $search_set;\n\n\n $_SESSION['search_params'] = array('id' => $search_request, 'data' => array($fields, $search));\n  \n\n How do I insert sqli here?  And the question is how to make requests correctly, at least the first ones, so that there is something to start from\n\n The problem is that when accessing these vulnerable files, they are not executed as .php, but are downloaded, and a download link is returned to Burp.\n\n Here is the source for version 1.4.11\n\n https://github.com/roundcube/roundcubemail/tree/1.4.11", "creation_timestamp": "2021-12-14T02:01:12.000000Z"}