CVE-2024-32369 PoC — HSC Cybersecurity HC Mailinspector Security Vulnerability

Associated Vulnerability
Title: HSC Cybersecurity HC Mailinspector Security Vulnerability (CVE-2024-32369)
Description: SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component.
Readme
# CVE-2024-32369

**Description:** SQL Injection vulnerability in HSC Cybersecurity HSC Mailinspector v.5.2.17-3 allows a remote attacker to obtain sensitive information via a crafted payload to the `start` and `limit` parameters in the `mliWhiteList.php` component.

**Versions:** Discovered in HSC Mailinspector 5.2.17-3 but applicable to all versions up to 5.2.18.

## Proof of Concept

The SQL injection vulnerability occurs in the `limit` parameter of the application's request payload. Specifically, the payload `exec=fetch&start=0&limit=30'`, in which the `limit` value ends in a single quote, is susceptible to SQL injection.

> Payload: `exec=fetch&start=0&limit=30'`

## Vulnerable Parameter:

- Parameter: `limit`
- Payload: `exec=fetch&start=0&limit=30'`

![alt text](image.png)
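
A server-side guard for the `start` and `limit` values described above, added here as an example; it is not code from HC Mailinspector or from the PoC author. It is written in Python with `sqlite3` as a stand-in because the product's source is not shown on this page, and the `whitelist` table, `MAX_LIMIT` and the function names are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

MAX_LIMIT = 100                          # assumed upper bound on page size
_UINT = re.compile(r"[0-9]{1,9}")        # ASCII digits only: no sign, quote or space


def parse_paging(body: str) -> tuple[int, int]:
    """Return (start, limit) from a form-encoded body, or raise ValueError."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    values = {}
    for name in ("start", "limit"):
        raw = fields.get(name, [])
        # Reject missing, duplicated or non-numeric values instead of cleaning them.
        if len(raw) != 1 or not _UINT.fullmatch(raw[0]):
            raise ValueError(f"invalid {name!r} parameter")
        values[name] = int(raw[0])
    if not 1 <= values["limit"] <= MAX_LIMIT:
        raise ValueError("limit out of range")
    return values["start"], values["limit"]


def fetch_page(db: sqlite3.Connection, body: str) -> list[tuple]:
    start, limit = parse_paging(body)
    # Values are bound as integers; the SQL text is a constant.
    return db.execute(
        "SELECT id, sender FROM whitelist ORDER BY id LIMIT ? OFFSET ?",
        (limit, start),
    ).fetchall()


def make_sample_db() -> sqlite3.Connection:
    """Constructed sample data, not taken from the product."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whitelist (id INTEGER PRIMARY KEY, sender TEXT)")
    db.executemany(
        "INSERT INTO whitelist (sender) VALUES (?)",
        [(f"user{i}@example.test",) for i in range(1, 41)],
    )
    return db


if __name__ == "__main__":
    db = make_sample_db()
    print(len(fetch_page(db, "exec=fetch&start=0&limit=30")))   # well-formed request
    try:
        fetch_page(db, "exec=fetch&start=0&limit=30'")           # request from the README
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value outright, instead of stripping the quote and continuing, also gives the application a clean event to log for any request whose `start` or `limit` is not a plain integer.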
File Snapshot

[4.0K] /data/pocs/0d3262befcc72740ec999ae17202c99fdb6c0682
├── [107K] image.png
└── [ 727] README.md

0 directories, 2 files