Skip to content
Nuclei Templates

LVS Lean Value Management System Business - Directory Listing

ID: lean-value-listing

Severity: low

Author: pussycat0x

Tags: lean-value,misconfig,listing

Description

Section titled “Description”

Multiple systems of Hangzhou Jila Technology Co., Ltd. have been found to have directory traversal vulnerabilities. These vulnerabilities arise from the inadequate access controls implemented in the /Business/ directory. Malicious actors can potentially leverage these vulnerabilities to illicitly access sensitive information.

YAML Source

Section titled “YAML Source”
id: lean-value-listing


info:
  name: LVS Lean Value Management System Business - Directory Listing
  author: pussycat0x
  severity: low
  description: |
    Multiple systems of Hangzhou Jila Technology Co., Ltd. have been found to have directory traversal vulnerabilities. These vulnerabilities arise from the inadequate access controls implemented in the /Business/ directory. Malicious actors can potentially leverage these vulnerabilities to illicitly access sensitive information.
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%90%89%E6%8B%89%E7%A7%91%E6%8A%80%20LVS%E7%B2%BE%E7%9B%8A%E4%BB%B7%E5%80%BC%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20Business%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
  metadata:
    verified: true
    max-request: 1
    fofa-query: "Supperd By 吉拉科技"
  tags: lean-value,misconfig,listing


http:
  - method: GET
    path:
      - "{{BaseURL}}/Business/"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '/Business/'
          - 'AgencytaskList.aspx'
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e01edd9fe3a83063dab7948e42c4f68981208affcb85bc49f4056fb221a5286b02206974229ab0c4f16a016dc2f8dc3587918ea08f7b464b9661b49737ef402e521d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/other/lean-value-listing.yaml"

View on Github