From 196dfe4344c15ee3d180afc2c9ebdb27566cadb7 Mon Sep 17 00:00:00 2001
From: geeknik <466878+geeknik@users.noreply.github.com>
Date: Tue, 4 Oct 2022 14:57:16 +0000
Subject: [PATCH 1/6] Create exposed-file-upload-form.yaml
---
 miscellaneous/exposed-file-upload-form.yaml | 22 +++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 miscellaneous/exposed-file-upload-form.yaml
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
new file mode 100644
index 0000000000..68e6f94e3f
--- /dev/null
+++ b/miscellaneous/exposed-file-upload-form.yaml
@@ -0,0 +1,22 @@
+id: exposed-file-upload-form
+
+info:
+ name: Exposed File Upload Form
+ author: geeknik
+ severity: medium
+ reference: none
+ tags: exposure,upload,form
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ -
+ -
+ -
+ part: body
From c3926739dbbbfb4a7b8512a7db1a3941c41aef59 Mon Sep 17 00:00:00 2001
From: geeknik <466878+geeknik@users.noreply.github.com>
Date: Wed, 5 Oct 2022 12:26:09 +0000
Subject: [PATCH 2/6] Update exposed-file-upload-form.yaml fix some FP issues.
---
 miscellaneous/exposed-file-upload-form.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
index 68e6f94e3f..698c63c7ec 100644
--- a/miscellaneous/exposed-file-upload-form.yaml
+++ b/miscellaneous/exposed-file-upload-form.yaml
@@ -17,6 +17,11 @@ requests: - type: regex regex: - - - + - - part: body + + - type: word + words: + - 'login' + negative: true
From 4986827447ee9471d98a22e8c4fed7ca574021e4 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 19 Jan 2023 14:42:32 +0530
Subject: [PATCH 3/6] updated matcher
---
 miscellaneous/exposed-file-upload-form.yaml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
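Review bot: The new template's `info` block has no `description`, and `reference: none` stores the literal string "none" rather than a link, so a finding gives the person triaging it nothing to act on. A match shows only that the page at `{{BaseURL}}` serves a form; it does not show that uploads are unauthenticated or unvalidated, which is what the `medium` severity implies. I would add a line such as `description: A file upload form is reachable on the site root; confirm it requires authentication and that uploads are validated for type and size and stored outside the web root.` With a single entry under `matchers`, `matchers-condition: and` has no effect yet. The three patterns under `regex:` are blank on this page, so they are not reviewed here.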
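Review bot: The negative `word` matcher on `login` in the second patch is a case-sensitive substring test over the whole body, so a page that has an upload form and also contains "login" anywhere (a navigation link, a script path) is silently dropped, while a page that says "Login" or "Sign in" is not. That trades false positives for false negatives that are hard to notice in scan output. If the aim is to skip authentication pages, tying the exclusion to a password field is narrower, for example `- 'type="password"'` in place of `- 'login'`, with `case-insensitive: true` on the matcher. The replaced `regex` entry in this hunk is blank on this page, so that part of the change is not reviewed.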
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
index 698c63c7ec..db82a157bc 100644
--- a/miscellaneous/exposed-file-upload-form.yaml
+++ b/miscellaneous/exposed-file-upload-form.yaml
@@ -3,8 +3,10 @@ id: exposed-file-upload-form
 info:
 name: Exposed File Upload Form
 author: geeknik
- severity: medium
- reference: none
+ severity: low
+ metadata:
+ verified: true
+ shodan-query: title:"JBoss"
 tags: exposure,upload,form
 
 requests:
@@ -19,9 +21,10 @@ requests: - - - - part: body + condition: or - type: word words: - - 'login' - negative: true + - 'type="file"' + - 'id="file"' + condition: or
From 043416439ceb27568504f16befd96671bab21244 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 19 Jan 2023 14:43:27 +0530
Subject: [PATCH 4/6] updated metadata
---
 miscellaneous/exposed-file-upload-form.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
index db82a157bc..3f0f1e9ac6 100644
--- a/miscellaneous/exposed-file-upload-form.yaml
+++ b/miscellaneous/exposed-file-upload-form.yaml
@@ -6,7 +6,7 @@ info:
 severity: low
 metadata:
 verified: true
- shodan-query: title:"JBoss"
+ shodan-query: http.html:"multipart/form-data"
 tags: exposure,upload,form
 
 requests:
From cd5d6f85887353375df25b599fdd3b3a2d7b0cb9 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 19 Jan 2023 15:17:55 +0530
Subject: [PATCH 5/6] updated matchers
---
 miscellaneous/exposed-file-upload-form.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
index 3f0f1e9ac6..3a152305bd 100644
--- a/miscellaneous/exposed-file-upload-form.yaml
+++ b/miscellaneous/exposed-file-upload-form.yaml
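Review bot: Nothing in the second hunk of the third patch constrains the response itself once the negative `login` matcher is removed: there is no `status` matcher, so an error or redirect body that happens to carry the same markup would be reported like a live form. Adding `- type: status` with `status:` and `- 200` under `matchers` keeps the `and` condition meaningful. The new `id="file"` word matches any element carrying that id, not only an `<input>`, and both words are compared case-sensitively and only in their double-quoted form, so `type='file'` is missed.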
@@ -6,7 +6,7 @@ info:
 severity: low
 metadata:
 verified: true
- shodan-query: http.html:"multipart/form-data"
+ shodan-query: http.html:"multipart/form-data" html:"file"
 tags: exposure,upload,form
 
 requests:
@@ -19,12 +19,12 @@ requests: - type: regex regex: - - - + - - condition: or - - type: word - words: - - 'type="file"' + - type: regex + regex: + - "type=[\"'](file)[\"']" - 'id="file"' condition: or
From 54b72b67aee2680ee578e1bf47860d9c9c1ac9d9 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 26 Jan 2023 21:06:55 +0530
Subject: [PATCH 6/6] change low -> info
---
 miscellaneous/exposed-file-upload-form.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miscellaneous/exposed-file-upload-form.yaml b/miscellaneous/exposed-file-upload-form.yaml
index 3a152305bd..e1bd5c7bec 100644
--- a/miscellaneous/exposed-file-upload-form.yaml
+++ b/miscellaneous/exposed-file-upload-form.yaml
@@ -3,7 +3,7 @@ id: exposed-file-upload-form
 info:
 name: Exposed File Upload Form
 author: geeknik
- severity: low
+ severity: info
 metadata:
 verified: true
 shodan-query: http.html:"multipart/form-data" html:"file"
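Review bot: The new pattern `type=[\"'](file)[\"']` in the second hunk of the fifth patch accepts either quote style but still misses unquoted `type=file`, whitespace around `=`, and upper-case attribute names, all of which are valid HTML; the capture group around `file` is also unused. A single entry such as `- '(?i)type\s*=\s*["'']?file\b'` would cover those forms. `id="file"` sits in the same `or` list and matches any element with that id, so it can satisfy this matcher on a page with no file input at all; I would remove it or anchor it to an `<input` tag. The other `regex` matcher's patterns are blank on this page, so they are not reviewed.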