daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update and rename ecshop-sql.yaml to ecshop-sqli.yaml

patch-1
Prince Chaddha 2021-11-08 13:42:13 +05:30 committed by GitHub
parent 797d9066a1
commit 85741bbcf9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
vulnerabilities/other/ecshop-sql.yaml → vulnerabilities/other/ecshop-sqli.yaml
View File

@ -1,13 +1,18 @@
id: ecshop-sqli
info:
name: Ecshop-SQL
name: Ecshop SQLi
author: Lark-lab,ImNightmaree
severity: critical
tags: sql,php,cms
severity: high
reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
tags: sqli,php,cms,ecshop
requests:
- raw:
- |
POST /user.php HTTP/1.1
GET /user.php?act=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
@ -15,13 +20,11 @@ requests:
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
username=admin&password=123456&act=act_login
matchers:
- type: word
words:
- 'XPATH'
- 'MySQL'
- 'Array'
- 'XPATH syntax error:''
- '[error] =>'
- '[0] => Array'
- 'MySQL server error report:Array'
condition: and