Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Asanhamayesh CMS 3.4.6 - Local File Inclusion" module is designed to detect a vulnerability in the Asanhamayesh CMS 3.4.6 software. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access or disclosure of sensitive information. The severity of this vulnerability is classified as high.
This module was authored by 0x_Akoko.
If successfully exploited, the local file inclusion vulnerability in Asanhamayesh CMS 3.4.6 can have serious consequences. An attacker could potentially access sensitive files on the server, such as configuration files or user credentials. This could lead to further compromise of the system or unauthorized access to sensitive information.
The module works by sending an HTTP request to the target server with a specific path parameter that triggers the local file inclusion vulnerability. For example, it may send a request to "/downloadfile.php?file=../../../../../../../../../../etc/passwd".
The module then applies matching conditions to the response received from the server. In this case, it checks if the response contains the string "root:[x*]:0:0" using a regular expression matcher. It also checks if the response status code is 200. If both conditions are met, the module reports the vulnerability.
By detecting this vulnerability, the module helps identify potential security risks in Asanhamayesh CMS 3.4.6 installations and allows for timely remediation to prevent unauthorized access and data breaches.
Reference:
- https://cxsecurity.com/issue/WLB-2018030006
Metadata