CVE-2021-37291 PoC — KevinLAB Building Energy Management System SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37291.yaml

Associated Vulnerability

Title:KevinLAB Building Energy Management System SQL注入漏洞 (CVE-2021-37291)
Description:KevinLAB Building Energy Management System（KevinLAB BEMS）是韩国KevinLAB公司的一个建筑能源管理系统。 KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 中存在安全漏洞，攻击者可通过 index.php 中的 input_id POST 参数进行攻击。

Description

KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

File Snapshot


 id: CVE-2021-37291

info:
  name: KevinLAB BEMS 1.0 - SQL Injection
  author: gy741
  severity: crit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!