daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/file/nodejs/generic-path-traversal.yaml

22 lines
877 B
YAML
Raw Permalink Blame History

id: generic-path-traversal
info:
name: Generic - Path Traversal
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
condition: or
# digest: 4b0a00483046022100e21a018d792fd5746301590fee7667c09666ad26347732653bdf90db09245f150221008bddd8b9b51c116885885104f24ed7cda9f5ba500680a85415390a22c4584a8b:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink