32 lines
995 B
YAML
32 lines
995 B
YAML
id: arcade-php-sqli
|
|
|
|
info:
|
|
name: Arcade.php - SQL Injection
|
|
author: MaStErChO
|
|
severity: high
|
|
description: |
|
|
The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/29604
|
|
- https://github.com/OWASP/vbscan/
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: arcade,php,vbulletin,sqli
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "mySQL query error"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100d921ed65aad7228dd34b61a61b1e26457c3174f80ff57bf5657b31b756ad0e0f02206aa79bc110845dd8b682005cfbd94ddc22e705505ea016f0f67e9700bda21330:922c64590222798bb761d5b6d8e72950 |