1. Basic information for CVE-2021-47782
Vulnerability information
# Odine GateKeeper 1.0 SQL injection vulnerability

N/A
                                        
Shenlong assessment

Web-class vulnerability: Unknown

Reasoning:

N/A
Vulnerability title
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
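Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Source: U.S. National Vulnerability Database (NVD)
2. Public PoCs for CVE-2021-47782
# | PoC description | Source link | Shenlong link
3. Intelligence on CVE-2021-47782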
  • Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection - Multiple webapps Exploit -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    ### Key vulnerability information
    
    - **EDB-ID**: 50381
    - **Vulnerability type**: SQL Injection
    - **Affected software**: Odine Solutions GateKeeper 1.0
    - **Vulnerable parameter**: trafficCycle
    - **Author**: Emel Basayar
    - **Date**: 2021-10-06
    - **Platform**: Multiple
    - **Verification status**: EDB Verified: No
    
    #### Description
    The vulnerability allows an attacker to inject SQL commands from the search section with the `trafficCycle` parameter.
    
    #### Proof of Concept (PoC)
    ```plaintext
    GET /rass/api/v1/trafficCycle/98 HTTP/1.1
    
    Payload: https://192.168.1.25:443/rass/api/v1/trafficCycle/98' AND 5042=CAST(((CHR(113)||CHR(118)||CHR(112)||CHR(118)||
    CHR(113))||(SELECT (CASE WHEN (5042=5042) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(98)||CHR(120)||CHR(113))) AS NUMERIC)--
    yrdB
    ```
    
    #### Attack types
    - PostgreSQL AND error-based - WHERE or HAVING clause
    - PostgreSQL > 8.1 stacked queries (comment)
    - PostgreSQL > 8.1 AND time-based blind
    
    #### Technical information
    - Web application technology: Nginx
    - Back-end DBMS: PostgreSQL
                                            
  • Title: Odine Gatekeeper™ - Voice Fraud Management | Odine -- 🔗 Source link

    Tags: product

    Shenlong quick read:
    - **Odine Gatekeeper™**
        - The screenshot highlights Odine Gatekeeper™, but no specific details on vulnerabilities are present.
    
    - **Footer Information**
        - Contains various contact points for different regions, including EMEA HQ, Central Europe, MEA, South Africa, R&D Istanbul, R&D Izmir, and the Ankara Office. 
    
    - **Certifications and Awards**
        - Displays multiple accolades and certifications, such as:
            - 2023-2024 Capacity Telco Vendor
            - Deloitte Best Managed Companies and Technology Fast 50 for 2020-2021-2024 winners
            - ISO 9001, 14001, 15504, 27001, 22301, 20001, 33002 certifications.
                                            
  • Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection | Advisories | VulnCheck -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ## Key vulnerability information
    
    ### Title
    Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
    
    ### Severity
    HIGH
    
    ### Date
    January 15, 2026
    
    ### Affected
    - Odine Solutions GateKeeper 1.0
    
    ### CVE
    CVE-2021-47782
    
    ### CWE
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    
    ### CVSS
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
    
    ### References
    - ExploitDB-50381
    - Odine Solutions GateKeeper Product Homepage
    
    ### Submitter
    Emel Basayar
    
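    ### Description
    Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information.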
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47782