From 724e3500771cab6eef43b88a4e00424027e05e93 Mon Sep 17 00:00:00 2001
From: mastercho
Date: Sat, 24 Jun 2023 02:25:56 +0300
Subject: [PATCH 1/3] Added ardace.php SQL Inj template
---
.../vbulletin/arcade-sql-inj.yaml | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
diff --git a/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml b/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
new file mode 100644
index 0000000000..31a903225e
--- /dev/null
+++ b/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
@@ -0,0 +1,30 @@
+id: arcade-php-sql-injection
+
+info:
+ name: arcade.php SQL Injection
+ author: MaStErChO
+ severity: high
+ description: |
+ The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
+
+ reference:
+ - https://www.exploit-db.com/exploits/29604
+ - https://github.com/OWASP/vbscan/
+
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "mySQL error"
+
+ - type: status
+ status:
+ - 200
+
From 19610568a3384d1f9ce38ff68f8c1f2be555669e Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Sat, 24 Jun 2023 23:52:39 +0530
Subject: [PATCH 2/3] lint and format fix
---
http/vulnerabilities/php-arcade-sqli.yaml | 29 ++++++++++++++++++
.../vbulletin/arcade-sql-inj.yaml | 30 -------------------
2 files changed, 29 insertions(+), 30 deletions(-)
create mode 100644 http/vulnerabilities/php-arcade-sqli.yaml
delete mode 100644 http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
diff --git a/http/vulnerabilities/php-arcade-sqli.yaml b/http/vulnerabilities/php-arcade-sqli.yaml
new file mode 100644
index 0000000000..c246a2a961
--- /dev/null
+++ b/http/vulnerabilities/php-arcade-sqli.yaml
@@ -0,0 +1,29 @@
+id: php-arcade-sqli
+
+info:
+ name: PHP QUICK ARCADE 3.0.21 - SQL Injection
+ author: MaStErChO
+ severity: high
+ description: |
+ A vulnerability was found in Jcink PHP-Quick-Arcade 3.0.21 (Programming Language Software). It has been declared as critical. This vulnerability affects an unknown code of the file Arcade.php. The manipulation of the argument id with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
+ reference:
+ - https://www.exploit-db.com/exploits/29604
+ - https://vuldb.com/?id.53008
+ - https://github.com/OWASP/vbscan/
+ tags: arcade,sqli
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "mySQL error"
+
+ - type: status
+ status:
+ - 200
diff --git a/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml b/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
deleted file mode 100644
index 31a903225e..0000000000
--- a/http/vulnerabilities/vbulletin/arcade-sql-inj.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-id: arcade-php-sql-injection
-
-info:
- name: arcade.php SQL Injection
- author: MaStErChO
- severity: high
- description: |
- The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
-
- reference:
- - https://www.exploit-db.com/exploits/29604
- - https://github.com/OWASP/vbscan/
-
-
-http:
- - method: GET
- path:
- - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "mySQL error"
-
- - type: status
- status:
- - 200
-
From 84380cffbd1bbec572f1bbe10589ade100a673af Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 28 Jun 2023 17:18:50 +0530
Subject: [PATCH 3/3] reverted back with updates
---
http/vulnerabilities/php-arcade-sqli.yaml | 29 -----------------
.../vbulletin/arcade-php-sqli.yaml | 31 +++++++++++++++++++
2 files changed, 31 insertions(+), 29 deletions(-)
delete mode 100644 http/vulnerabilities/php-arcade-sqli.yaml
create mode 100644 http/vulnerabilities/vbulletin/arcade-php-sqli.yaml
diff --git a/http/vulnerabilities/php-arcade-sqli.yaml b/http/vulnerabilities/php-arcade-sqli.yaml
deleted file mode 100644
index c246a2a961..0000000000
--- a/http/vulnerabilities/php-arcade-sqli.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-id: php-arcade-sqli
-
-info:
- name: PHP QUICK ARCADE 3.0.21 - SQL Injection
- author: MaStErChO
- severity: high
- description: |
- A vulnerability was found in Jcink PHP-Quick-Arcade 3.0.21 (Programming Language Software). It has been declared as critical. This vulnerability affects an unknown code of the file Arcade.php. The manipulation of the argument id with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
- reference:
- - https://www.exploit-db.com/exploits/29604
- - https://vuldb.com/?id.53008
- - https://github.com/OWASP/vbscan/
- tags: arcade,sqli
-
-http:
- - method: GET
- path:
- - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
-
- matchers-condition: and
- matchers:
- - type: word
- part: body
- words:
- - "mySQL error"
-
- - type: status
- status:
- - 200
diff --git a/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml b/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml
new file mode 100644
index 0000000000..583ace20dd
--- /dev/null
+++ b/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml
@@ -0,0 +1,31 @@
+id: arcade-php-sqli
+
+info:
+ name: Arcade.php - SQL Injection
+ author: MaStErChO
+ severity: high
+ description: |
+ The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
+ reference:
+ - https://www.exploit-db.com/exploits/29604
+ - https://github.com/OWASP/vbscan/
+ metadata:
+ max-request: 1
+ verified: true
+ tags: arcade,php,vbulletin,sqli
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "mySQL query error"
+
+ - type: status
+ status:
+ - 200
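Review bot: The matcher pair at the end of this template (`"mySQL query error"` in the body plus status 200) fires on any response that carries that string, so a site that prints the same database error on every page, for instance while its database is unavailable, would be reported as injectable even though the trailing quote in `s_id=1'` played no part. Requesting the same URL first without the quote and requiring the error to be absent there ties the finding to the injected character; `max-request` under `metadata` then becomes 2, and older engine versions may also need `req-condition: true` for the numbered variables, which should be confirmed against the engine version the repository targets. The 1/3 and 2/3 revisions of this file use the same single-request check. Separately, `info` carries no `classification` block; `cwe-id: CWE-89` would match the CWE that the 2/3 description already cites.

```yaml
# … unchanged: id, info (max-request becomes 2), http method …
    path:
      - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1"
      - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "mySQL query error")'
          - '!contains(body_1, "mySQL query error")'
        condition: and
```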