XOS Shop 1.0 rc7o contains an SQL injection vulnerability: the 'goto' parameter in 'redirect.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to data access, modification, or further exploitation of the database.
Classification: Writeup 80%
Target: XOS Shop 1.0 rc7o
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious SQL queries