id: arcade-php-sqli

info:
  name: Arcade.php - SQL Injection
  author: MaStErChO
  severity: high
  description: |
    The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
  reference:
    - https://www.exploit-db.com/exploits/29604
    - https://github.com/OWASP/vbscan/
  metadata:
    verified: true
    max-request: 1
  tags: arcade,php,vbulletin,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "mySQL query error"

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100d921ed65aad7228dd34b61a61b1e26457c3174f80ff57bf5657b31b756ad0e0f02206aa79bc110845dd8b682005cfbd94ddc22e705505ea016f0f67e9700bda21330:922c64590222798bb761d5b6d8e72950