nuclei-templates/http/vulnerabilities/idoc/idocview-2word-fileupload.yaml

31 lines
789 B
YAML
Raw Normal View History

id: idocview-2word-fileupload
info:
name: IDoc View /html/2word - Arbitrary File Upload
author: DhiyaneshDK
severity: high
metadata:
verified: true
max-request: 1
fofa-query: title=="在线文档预览 - I Doc View"
tags: idoc,rce,instrusive,file-upload
variables:
file: "{{to_lower(rand_text_alpha(5))}}"
http:
- method: GET
path:
- "{{BaseURL}}/html/2word?url={{file}}"
matchers-condition: and
matchers:
- type: word
part: response
words:
- "{{md5(file)}}.docx"
- type: status
status:
- 200
# digest: 490a0046304402207e3c79bb4dbdf56686e19b7b11d4a7537c83c2fbebb0b078b75dcb3fea7e6b2b022006361a9c525d40294de8224267204fafe157a9161b54f62b387aa03405b1604b:922c64590222798bb761d5b6d8e72950