Cloudboot has SQL injection
allen909 opened this issue · comments
meng commented
A SQL injection was discovered in Cloudboot.
There is a SQL injection vulnerability that allows remote attackers to inject SQL commands via /api/osinstall/v1/device/getNumByStatus.
PoC:
POST /api/osinstall/v1/device/getNumByStatus HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
{"Status":"1'order by 2#","UserID":0}
"Status" is the injection point
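The defect pattern behind a report like this, and the fix a maintainer would apply, as an added Go example (this is not Cloudboot's code; the table name "device", the column "status", the valid status range and the handler shape are assumptions). It contrasts building the WHERE clause by string concatenation, which lets the quote and the "#" comment marker from the PoC body change the statement, with validating the field as an integer at the request boundary and passing it as a bound parameter:

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// Field names match the JSON body shown in the issue; the struct is an
// assumption for this example, not Cloudboot's own type.
type getNumByStatusRequest struct {
	Status string `json:"Status"`
	UserID int    `json:"UserID"`
}

// pocBody is the request body from the issue, embedded as test input.
const pocBody = `{"Status":"1'order by 2#","UserID":0}`

// vulnerableQuery reproduces the defect: the raw Status value is spliced
// into the SQL text, so quotes and comment markers become syntax.
func vulnerableQuery(status string) string {
	return fmt.Sprintf("SELECT count(*) FROM device WHERE status = '%s'", status)
}

// validateStatus enforces the expected type at the boundary. The field is
// a small numeric status code, so anything else is rejected before it
// reaches the database layer. The 0..9 range is assumed.
func validateStatus(raw string) (int, error) {
	n, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("status must be an integer: %w", err)
	}
	if n < 0 || n > 9 {
		return 0, errors.New("status out of range")
	}
	return n, nil
}

// safeQuery returns a parameterized statement plus its bound argument.
// The value never touches the SQL text, so it cannot alter the query.
func safeQuery(status int) (string, []interface{}) {
	return "SELECT count(*) FROM device WHERE status = ?", []interface{}{status}
}

// handleGetNumByStatus decodes the body, validates the field and builds
// the parameterized query; malformed input is rejected with an error.
func handleGetNumByStatus(body []byte) (string, []interface{}, error) {
	var req getNumByStatusRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", nil, fmt.Errorf("bad request body: %w", err)
	}
	status, err := validateStatus(req.Status)
	if err != nil {
		return "", nil, err
	}
	q, args := safeQuery(status)
	return q, args, nil
}

func main() {
	var req getNumByStatusRequest
	_ = json.Unmarshal([]byte(pocBody), &req)
	fmt.Println("concatenated:", vulnerableQuery(req.Status))
	if _, _, err := handleGetNumByStatus([]byte(pocBody)); err != nil {
		fmt.Println("hardened handler rejected PoC body:", err)
	}
	q, args, _ := handleGetNumByStatus([]byte(`{"Status":"1","UserID":0}`))
	fmt.Println("hardened handler:", q, args)
}
```

Running it prints the concatenated statement with the PoC value embedded in it, then shows the hardened handler rejecting that body and, for a well-formed body, emitting the fixed query text with the status as a separate argument. The type check is the cheap first line of defence; the bound parameter is what closes the bug even for fields that legitimately carry free text.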
penggy commented
Yes it is. Already fixed in the enterprise version.
Jericho commented
@kedadiannao220 Could you link to a fixing commit please?