id: timetrax-sql-injection

info:
  name: TimeTrax Unauth SQLi
  author: efran
  severity: high
  description: Checks for SQL Injection vulnerability.
  reference:
    - https://owasp.org/www-community/attacks/SQL_Injection
  tags: sqlinj,vuln,cve

requests:
  # Send a single quote in the q parameter of the search page.
  - method: GET
    path:
      - "{{BaseURL}}/search.aspx?q='"

    # Report a match only when both conditions hold: the database error
    # string is in the response body and the server answers HTTP 500.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Unclosed quotation mark after the character string"
        part: body

      - type: status
        status:
          - 500