nuclei-templates/http/vulnerabilities/weaver/weaver-checkserver-sqli.yaml

id: weaver-checkserver-sqli

info:
  name: Ecology OA CheckServer - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    Ecology OA system improperly filters incoming data from users, resulting in a SQL injection vulnerability. Remote and unauthenticated attackers can use this vulnerability to conduct SQL injection attacks and steal sensitive database information.
  reference:
    - https://stack.chaitin.com/techblog/detail?id=81
    - https://github.com/lal0ne/vulnerability/blob/main/%E6%B3%9B%E5%BE%AE/E-Cology/CheckServer/README.md
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-ecology-oa-plugin-checkserver-setting-sqli.yaml
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="泛微-协同办公OA"
  tags: weaver,ecology,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/mobile/plugin/CheckServer.jsp?type=mobileSetting"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(header, 'application/json','ecology_')"
          - "contains(body, 'error\":\"system error') && !contains(body, 'securityIntercept')"
        condition: and

# digest: 4a0a0047304502203971c4e5664482479370bb1b1f56e4615b5a7d7b64f74ea6104ba1161c63cc3e022100c1e6508ec3615a4313c8cf683984d8424cd47b0d3b340e04a0e81cb5f713e4cf:922c64590222798bb761d5b6d8e72950
completed assigned templates 2023-09-13 11:22:00 +00:00			`id: weaver-checkserver-sqli`

			`info:`
			`name: Ecology OA CheckServer - SQL Injection`
			`author: SleepingBag945`
			`severity: high`
			`description: \|`
			`Ecology OA system improperly filters incoming data from users, resulting in a SQL injection vulnerability. Remote and unauthenticated attackers can use this vulnerability to conduct SQL injection attacks and steal sensitive database information.`
			`reference:`
			`- https://stack.chaitin.com/techblog/detail?id=81`
			`- https://github.com/lal0ne/vulnerability/blob/main/%E6%B3%9B%E5%BE%AE/E-Cology/CheckServer/README.md`
			`- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/weaver-ecology-oa-plugin-checkserver-setting-sqli.yaml`
			`metadata:`
			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
template update 2023-09-18 12:37:42 +00:00			`fofa-query: app="泛微-协同办公OA"`
completed assigned templates 2023-09-13 11:22:00 +00:00			`tags: weaver,ecology,sqli`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/mobile/plugin/CheckServer.jsp?type=mobileSetting"`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "status_code == 200"`
template update 2023-09-18 12:37:42 +00:00			`- "contains_all(header, 'application/json','ecology_')"`
			`- "contains(body, 'error\":\"system error') && !contains(body, 'securityIntercept')"`
templateman update 2023-10-14 11:27:55 +00:00			`condition: and`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a0047304502203971c4e5664482479370bb1b1f56e4615b5a7d7b64f74ea6104ba1161c63cc3e022100c1e6508ec3615a4313c8cf683984d8424cd47b0d3b340e04a0e81cb5f713e4cf:922c64590222798bb761d5b6d8e72950`