daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update

patch-4
Dhiyaneshwaran 2024-07-09 15:49:53 +05:30 committed by GitHub
parent 849b0a88b4
commit cdd6abec83
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
http/vulnerabilities/other/pingsheng-electronic-sqli.yaml
View File

@ -5,11 +5,12 @@ info:
author: securityforeveryone
severity: critical
description: |
There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronic Reservoir Supervision Platform. Attackers can access data in the database without authorization, thereby stealing user data and causing user information leakage.
There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronics Reservoir Supervision Platform. An attacker can access the data in the database without authorization, thereby stealing user data and leaking user information.
reference:
- https://github.com/wy876/POC/blob/main/%E5%B9%B3%E5%8D%87%E7%94%B5%E5%AD%90%E6%B0%B4%E5%BA%93%E7%9B%91%E7%AE%A1%E5%B9%B3%E5%8F%B0GetAllRechargeRecordsBySIMCardId%E6%8E%A5%E5%8F%A3%E5%A4%84%E5%AD%98%E5%9C%A8SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- https://github.com/zan8in/pxplan/blob/main/goby_pocs/10-13-crack/redteam_20230316121609/CVD-2022-5560.go
metadata:
verified: true
verified: "true"
max-request: 1
fofa-query: "js/PSExtend.js"
tags: sqli,pingsheng
@ -28,6 +29,7 @@ http:
- type: dsl
dsl:
- 'duration>=6'
- 'contains_all(body,"Result","false","Message","?xml version")'
- 'contains_all(body,"Result","false","Message")'
- 'contains(content_type,"text/xml")'
- 'status_code == 200'
condition: and