mirror of
https://github.com/SleepingBag945/dddd.git
synced 2025-06-13 02:34:03 +00:00
21 lines
528 B
YAML
21 lines
528 B
YAML
id: chanjetcrm-createsite-sqli
|
|
|
|
info:
|
|
name: Chanjetcrm - create_site SQL Injection
|
|
author: unknown
|
|
severity: critical
|
|
description: |
|
|
There is an SQL injection vulnerability in the Changjetcrm financial crm system under Yonyou.
|
|
reference:
|
|
- https://stack.chaitin.com/techblog/detail?id=10
|
|
tags: chanjetcrm,sqli
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/WebSer~1/create_site.php?site_id=1"
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "register fail,please again"
|
|
part: body |