daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

misc update

patch-1
sandeep 2021-10-26 14:32:23 +05:30
parent 1986e1211d
commit 2fa9791bdc
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2021/CVE-2021-42258.yaml
View File

@ -4,17 +4,17 @@ info:
name: BillQuick Web Suite SQLi
author: dwisiswant0
severity: high
tags: bqe,cve,cve2021,sqli
tags: cve,cve2021,sqli,billquick
description: |
This template supports the detection part only. See references.
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1
allows SQL injection for unauthenticated remote code execution,
as exploited in the wild in October 2021 for ransomware installation.
SQL injection can, for example, use the txtID (aka username) parameter.
Successful exploitation can include the ability to execute
arbitrary code as MSSQLSERVER$ via xp_cmdshell.
reference: https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
reference:
- https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
- https://nvd.nist.gov/vuln/detail/CVE-2021-42258
requests:
- raw: