id: idocview-2word-fileupload

info:
  name: IDoc View /html/2word - Arbitrary File Upload
  author: DhiyaneshDK
  severity: high
  metadata:
    verified: true
    max-request: 1
    fofa-query: title=="在线文档预览 - I Doc View"
  tags: idoc,rce,instrusive,file-upload

variables:
  file: "{{to_lower(rand_text_alpha(5))}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/html/2word?url={{file}}"

    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - "{{md5(file)}}.docx"

      - type: status
        status:
          - 200
# digest: 490a0046304402207e3c79bb4dbdf56686e19b7b11d4a7537c83c2fbebb0b078b75dcb3fea7e6b2b022006361a9c525d40294de8224267204fafe157a9161b54f62b387aa03405b1604b:922c64590222798bb761d5b6d8e72950