nuclei-templates/technologies/elfinder-version.yaml

id: elfinder-version

info:
  name: elFinder version extractor
  author: idealphase
  severity: info
  description: elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary
    code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
  reference:
    - https://github.com/Studio-42/elFinder/
  tags: tech,elfinder,oss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/js/elfinder.min.js"
      - "{{BaseURL}}/js/elFinder.version.js"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "elFinder - file manager for web"
          - "elFinder.prototype.version ="
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - '\* Version (.+) \('
          - "elFinder.prototype.version = '([0-9.]+)';"
Added elfinder-version.yaml Added elfinder-version.yaml 2022-04-10 07:44:36 +00:00			`id: elfinder-version`

			`info:`
			`name: elFinder version extractor`
			`author: idealphase`
			`severity: info`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary`
			`code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.`
Added elfinder-version.yaml Added elfinder-version.yaml 2022-04-10 07:44:36 +00:00			`reference:`
			`- https://github.com/Studio-42/elFinder/`
Update elfinder-version.yaml 2022-04-12 13:38:36 +00:00			`tags: tech,elfinder,oss`
Added elfinder-version.yaml Added elfinder-version.yaml 2022-04-10 07:44:36 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/js/elfinder.min.js"`
Update elfinder-version.yaml 2022-04-12 13:38:36 +00:00			`- "{{BaseURL}}/js/elFinder.version.js"`
Added elfinder-version.yaml Added elfinder-version.yaml 2022-04-10 07:44:36 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "elFinder - file manager for web"`
Update elfinder-version.yaml 2022-04-12 13:38:36 +00:00			`- "elFinder.prototype.version ="`
			`condition: or`
Added elfinder-version.yaml Added elfinder-version.yaml 2022-04-10 07:44:36 +00:00
			`- type: status`
			`status:`
			`- 200`

			`extractors:`
			`- type: regex`
			`group: 1`
			`regex:`
Update elfinder-version.yaml 2022-04-12 13:44:04 +00:00			`- '\* Version (.+) \('`
			`- "elFinder.prototype.version = '([0-9.]+)';"`