Merge pull request #7526 from mastercho/arcadephp

Added ardace.php SQL Inj template
2023-06-29 11:43:33 +05:30 · 2023-06-29 11:43:33 +05:30 · 956ef19f42
parent 098ae93b3b 84380cffbd
commit 956ef19f42
1 changed files with 31 additions and 0 deletions
--- a/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml
+++ b/http/vulnerabilities/vbulletin/arcade-php-sqli.yaml
@ -0,0 +1,31 @@
+id: arcade-php-sqli
+
+info:
+  name: Arcade.php - SQL Injection
+  author: MaStErChO
+  severity: high
+  description: |
+    The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
+  reference:
+    - https://www.exploit-db.com/exploits/29604
+    - https://github.com/OWASP/vbscan/
+  metadata:
+    max-request: 1
+    verified: true
+  tags: arcade,php,vbulletin,sqli
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mySQL query error"
+
+      - type: status
+        status:
+          - 200