32 lines
802 B
YAML
32 lines
802 B
YAML
id: arcade-php-sqli
|
|
|
|
info:
|
|
name: Arcade.php - SQL Injection
|
|
author: MaStErChO
|
|
severity: high
|
|
description: |
|
|
The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/29604
|
|
- https://github.com/OWASP/vbscan/
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
tags: arcade,php,vbulletin,sqli
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/arcade.php?act=Arcade&do=stats&comment=a&s_id=1'"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "mySQL query error"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|