Add module for CVE-2018-25185 (Wecodex SQLi) #1462

Open
gopikahub006 wants to merge 1 commit into OWASP:master from gopikahub006:master

Conversation

@gopikahub006

Proposed change

This PR adds a new vulnerability detection module for OWASP Nettacker:

  • Module: CVE-2018-25185
  • Affected: Wecodex Restaurant CMS 1.0
  • Detection: Sends a POST request with SQL payload to /login.php and checks for "Welcome admin dashboard"
  • Safe: Non-destructive, only detects SQL injection
  • Files added:
    • Modules/vuln/cve_2018_25185_vuln.py
    • Modules/vuln/cve_2018_25185.yaml

Closes #71

Type of change

- [✓] New or existing module/payload change

Checklist

  • I've followed the contributing guidelines
  • I have digitally signed all my commits in this PR
  • I've run make pre-commit and confirm it didn't generate any warnings/changes
  • I've run make test, I confirm all tests passed locally
  • I've added/updated any relevant documentation in the docs/ folder
  • I've linked this PR with an open issue
  • I've tested and verified that my code works as intended and resolves the issue as described
  • I have attached screenshots demonstrating my code works as intended
  • I've checked all other open PRs to avoid submitting duplicate work
  • I confirm that the code and comments in this PR are not direct unreviewed outputs of AI
  • I confirm that I am the Sole Responsible Author for every line of code, comment, and design decision

Signed-off-by: gopikahub006 <gopikainter125@gmail.com>
@coderabbitai
Contributor

coderabbitai bot commented Mar 28, 2026

Summary by CodeRabbit

New Features

  • Added a new module to detect CVE-2018-25185, a SQL injection vulnerability in Wecodex Restaurant CMS, enabling identification of vulnerable systems.

Walkthrough

Added a new vulnerability module for CVE-2018-25185 SQL injection detection targeting Wecodex Restaurant CMS. Includes both a YAML configuration file defining HTTP POST payload patterns and a Python module implementing the detection logic with request/response validation.

Changes

| Cohort / File(s) | Summary |
|---|---|
| CVE-2018-25185 SQL Injection Module: nettacker/modules/vuln/cve_2018_25185.yaml, nettacker/modules/vuln/cve_2018_25185_vuln.py | Added new vulnerability module with YAML configuration and Python implementation. Module detects SQLi in /login.php using payload `admin' OR 1=1--` in username field. Validates vulnerability by checking HTTP 200 status and Welcome admin dashboard response content. Python implementation includes scan function with exception handling for network errors. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Suggested labels

new module

Suggested reviewers

  • arkid15r
  • securestep9
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Linked Issues check | ❓ Inconclusive | The linked issue #71 provides minimal technical requirements beyond fixing issue #69, but the PR adds two module files for CVE-2018-25185 detection as described in the PR description and objectives. | Linked issue #71 lacks specific technical requirements or acceptance criteria. Verify that the module implementation correctly detects CVE-2018-25185 SQL injection as intended. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding a new module for detecting CVE-2018-25185 SQL injection vulnerability in Wecodex CMS. |
| Description check | ✅ Passed | The description is directly related to the changeset, explaining the vulnerability detection module, affected software, detection method, and listing the exact files added. |
| Out of Scope Changes check | ✅ Passed | The PR adds only two files directly related to CVE-2018-25185 detection: a YAML module definition and a Python implementation module, both aligned with stated objectives. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (4)
nettacker/modules/vuln/cve_2018_25185_vuln.py (2)

48-52: Manual testing entry point lacks input validation.

The __main__ block accepts user input without validation. Port should be validated as a numeric value to avoid runtime errors.

♻️ Add basic input validation
 if __name__ == "__main__":
     target_ip = input("Enter target IP: ")
-    target_port = input("Enter target port: ")
+    target_port = input("Enter target port: ").strip()
+    if not target_port.isdigit():
+        print("Error: Port must be a number")
+        exit(1)
     scan(target_ip, target_port)
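Review bot: The `isdigit()` test on the added `if not target_port.isdigit():` line does not bound the value, so `0` and `99999` pass, and `str.isdigit()` also accepts non-ASCII digit characters such as superscripts that `int()` rejects. Convert with `int()` inside a `try`/`except ValueError`, enforce 1 to 65535, and pass the integer on; the unchanged last line still hands `scan` the raw string. Prefer `sys.exit(1)` over the bare `exit(1)`, which is only defined when the `site` module is loaded.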
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185_vuln.py` around lines 48 - 52, The
manual testing entry point (__main__ block) reads target_ip and target_port
without validation; update the block that calls scan(target_ip, target_port) to
validate target_port is a numeric integer in the valid port range (1–65535),
convert it to int before calling scan, and handle invalid input by printing an
error and exiting or re-prompting; ensure any ValueError or non-numeric input is
caught and that scan(...) still receives the correctly-typed parameters
(reference variables target_port and function scan).

26-46: Missing type hints and hardcoded HTTP scheme.

The scan() function lacks type hints for parameters and return value. Additionally, the URL is hardcoded to use HTTP only (line 30), which won't detect vulnerable instances running over HTTPS.

If this module is confirmed to be needed by the framework:

♻️ Proposed improvements
-def scan(target_ip, target_port):
+def scan(target_ip: str, target_port: int | str) -> dict:
     """
     Main scan function for the module
+
+    Args:
+        target_ip: Target IP address or hostname
+        target_port: Target port number
+
+    Returns:
+        dict: Scan result with target, port, and status
     """
     url = f"http://{target_ip}:{target_port}/login.php"
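Review bot: The trailing context line still builds the URL as `http://{target_ip}:{target_port}/login.php`, so this suggestion leaves the HTTPS gap named in the comment's own title untouched; the scheme needs to become a parameter or a loop over both. On the new signature, `int | str` in an annotation raises at definition time on Python older than 3.10 unless `from __future__ import annotations` is in effect, and accepting both types pushes validation onto every caller; `target_port: int` is the tighter contract.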
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185_vuln.py` around lines 26 - 46, The
scan() function is missing type hints and forces an HTTP-only URL; add type
annotations (e.g., def scan(target_ip: str, target_port: int) -> dict) and
update the URL construction logic (the url variable) to handle HTTPS as well as
HTTP — for example, attempt HTTPS first and fallback to HTTP or accept a scheme
parameter, and reuse the same payload and request logic for both schemes; ensure
return types remain consistent and exception handling still covers both schemes
when calling requests.post.
nettacker/modules/vuln/cve_2018_25185.yaml (2)

33-36: Consider expanding schema and port coverage for broader detection.

The module only targets HTTP on port 8080. Web applications commonly run on ports 80, 443, 8000, and 8443 with both HTTP and HTTPS schemes. This limits detection scope.

♻️ Proposed fix to expand coverage
             data:
               schema:
                 - "http"
+                - "https"
               ports:
                 - 8080
+                - 80
+                - 443
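Review bot: The added port entries stop at 80 and 443, while the comment's own text also lists 8000 and 8443; either add them or trim the text so the two agree. Adding `https` next to a mixed port list also means pairings such as HTTPS on 80 and HTTP on 443 may be attempted if the two lists are combined, so confirm how the module loader pairs `schema` and `ports` before widening both.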
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185.yaml` around lines 33 - 36, Update the
cve_2018_25185 module to broaden detection by expanding the "schema" and "ports"
lists: add "https" to the schema array and include common web ports such as 80,
443, 8000, and 8443 alongside 8080 in the ports array; ensure any code that
reads these fields (the module config loader that consumes schema and ports in
cve_2018_25185.yaml) handles multiple schemes/ports and adjust any test or
filter logic that assumed only http/8080.

31-31: Empty interceptors: key.

The interceptors: key is present but has no value. If not needed, consider removing it for cleaner configuration; otherwise, verify this is the intended behavior.

♻️ Remove if unused
             suffix: ""
-            interceptors:
             data:
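Review bot: Dropping the `interceptors:` line changes the key from present-with-null to absent, which is only equivalent if the module loader reads it with a default. Check how the other module YAML files in the repository handle the key before removing it here.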
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185.yaml` at line 31, The YAML contains an
empty key "interceptors" in the cve_2018_25185 module; either remove the
"interceptors:" entry entirely if no interceptors are required, or populate it
with the intended interceptor configuration (e.g., list or map) to make the
intent explicit; locate the "interceptors" key in
nettacker/modules/vuln/cve_2018_25185.yaml and either delete that line or
replace it with the correct interceptor structure.
📥 Commits

Reviewing files that changed from the base of the PR and between f4c1bbf and dc86375.

📒 Files selected for processing (2)
  • nettacker/modules/vuln/cve_2018_25185.yaml
  • nettacker/modules/vuln/cve_2018_25185_vuln.py
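
The port validation and HTTP/HTTPS handling raised in the nitpick comments above, as an added example (not code from this PR or from Nettacker). `parse_port` and `login_urls` are hypothetical helper names, and the hosts used are constructed documentation addresses.

```python
"""Added example: strict port parsing and per-scheme URL construction."""
from urllib.parse import urlunsplit

MIN_PORT, MAX_PORT = 1, 65535


def parse_port(raw: str) -> int:
    """Return raw as an int in 1..65535, or raise ValueError."""
    text = raw.strip()
    # str.isdigit() alone also accepts characters such as "²", which int()
    # rejects, so require ASCII digits before converting.
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"port must be a decimal number, got {raw!r}")
    port = int(text)
    if not MIN_PORT <= port <= MAX_PORT:
        raise ValueError(f"port out of range 1-65535: {port}")
    return port


def login_urls(host: str, port: int, schemes=("https", "http")) -> list[str]:
    """Build one /login.php URL per scheme, HTTPS first by default."""
    # Bracket IPv6 literals so the port separator stays unambiguous.
    if ":" in host and not host.startswith("["):
        host = f"[{host}]"
    return [
        urlunsplit((scheme, f"{host}:{port}", "/login.php", "", ""))
        for scheme in schemes
    ]


if __name__ == "__main__":
    # Constructed inputs: one valid port and several the isdigit()-only
    # check would accept or mishandle.
    for candidate in ["8080", " 443 ", "0", "99999", "²", "80.0"]:
        try:
            port = parse_port(candidate)
        except ValueError as exc:
            print(f"{candidate!r}: rejected ({exc})")
        else:
            print(f"{candidate!r}: {login_urls('192.0.2.10', port)}")
```
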

Comment on lines +16 to +18
import requests
from modules.core import *
from modules import print_good, print_error
Contributor

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the correct import paths in Nettacker
echo "=== Check package structure ==="
fd -t d -d 2 . nettacker/

echo ""
echo "=== Check how other modules import core functionality ==="
rg -n "^from nettacker" nettacker/modules/ | head -20

echo ""
echo "=== Check if modules.core exists ==="
fd -p "modules/core" nettacker/

Repository: OWASP/Nettacker

Length of output: 561


🏁 Script executed:

#!/bin/bash
# Check actual import patterns in modules directory
echo "=== Import patterns in nettacker/modules/ (sample) ==="
rg -n "^(from|import)" nettacker/modules/ | head -30

echo ""
echo "=== Check the specific file content ==="
cat -n nettacker/modules/vuln/cve_2018_25185_vuln.py | head -25

Repository: OWASP/Nettacker

Length of output: 1256


🏁 Script executed:

#!/bin/bash
# Find where print_good and print_error are defined
echo "=== Search for print_good and print_error definitions ==="
rg -n "def print_good|def print_error" nettacker/

echo ""
echo "=== Check __init__.py files ==="
find nettacker/ -name "__init__.py" -type f

echo ""
echo "=== Check if modules directory has __init__.py ==="
ls -la nettacker/modules/__init__.py 2>&1

echo ""
echo "=== Check all imports using modules. pattern ==="
rg -n "from modules\.|import modules" nettacker/ | head -20

Repository: OWASP/Nettacker

Length of output: 860


🏁 Script executed:

#!/bin/bash
# Search more broadly for print_good and print_error
echo "=== Search for print_good everywhere ==="
rg "print_good" nettacker/ | head -20

echo ""
echo "=== Check a sample of other vuln module imports ==="
head -30 nettacker/modules/vuln/cve_2021_3177_vuln.py 2>/dev/null || head -30 nettacker/modules/scan/*.py 2>/dev/null | head -40

echo ""
echo "=== List some vuln module files ==="
ls nettacker/modules/vuln/ | head -10

echo ""
echo "=== Check core __init__.py for exported functions ==="
head -50 nettacker/core/__init__.py

Repository: OWASP/Nettacker

Length of output: 757


🏁 Script executed:

#!/bin/bash
# Find all Python files in modules
echo "=== All .py files in nettacker/modules/ ==="
find nettacker/modules/ -name "*.py" -type f

echo ""
echo "=== Full content of core/__init__.py ==="
cat nettacker/core/__init__.py

echo ""
echo "=== Check main.py for sys.path setup ==="
grep -n "sys.path\|insert\|append" nettacker/main.py | head -20

echo ""
echo "=== Check if modules package exists anywhere ==="
find . -maxdepth 2 -name "modules" -type d

Repository: OWASP/Nettacker

Length of output: 302


Fix invalid imports that will cause runtime failure.

The imports are incorrect for Nettacker's package structure:

  • `from modules.core import *`: `modules.core` doesn't exist; should be `from nettacker.core import *`
  • `from modules import print_good, print_error`: `print_good` and `print_error` don't exist in the codebase

Additionally, the wildcard import makes it impossible to determine what names are being imported and is flagged by static analysis (F403).

🧰 Tools
🪛 Ruff (0.15.7)

[error] 17-17: from modules.core import * used; unable to detect undefined names

(F403)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185_vuln.py` around lines 16 - 18, Replace
the invalid and wildcard imports: remove "from modules.core import *" and "from
modules import print_good, print_error" and instead import only the specific
names used in this file from the correct package path (e.g., "from
nettacker.core import <ExactNamesUsed>" or other specific functions/classes),
and remove or replace references to non-existent print_good/print_error with the
actual logging/util functions present in the codebase; locate usages of
print_good and print_error in cve_2018_25185_vuln.py and swap them to the
correct functions (or import the correct symbols) so there are no wildcard
imports and no imports from non-existent modules.

Comment on lines +37 to +38
data:
"username=admin' OR 1=1--&password=test"
Contributor

⚠️ Potential issue | 🟡 Minor

Payload inconsistency with companion Python module.

The YAML payload uses username=admin' OR 1=1--&password=test while the Python file (cve_2018_25185_vuln.py line 31) uses username=' OR 1=1--&password=password. Both the username prefix (admin' vs ') and password value (test vs password) differ, which could lead to inconsistent detection results.

Recommend aligning both implementations to use the same payload values.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@nettacker/modules/vuln/cve_2018_25185.yaml` around lines 37 - 38, The YAML
payload in cve_2018_25185.yaml currently uses "username=admin' OR
1=1--&password=test" which conflicts with the Python module
cve_2018_25185_vuln.py that sends "username=' OR 1=1--&password=password";
update one of them so both use the exact same payload string (choose which
canonical payload to keep, e.g., "username=' OR 1=1--&password=password" or
"username=admin' OR 1=1--&password=test") and ensure both the YAML entry and the
payload construction in cve_2018_25185_vuln.py match exactly to avoid
inconsistent detection.
