Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Bullwark Momentum Series JAWS 1.0 - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#lfi#edb#bullwark
Description

What is the "Bullwark Momentum Series JAWS 1.0 - Local File Inclusion?"

The "Bullwark Momentum Series JAWS 1.0 - Local File Inclusion" module is designed to detect vulnerabilities related to local file inclusion in the Bullwark Momentum Series JAWS 1.0 software. This module focuses on identifying misconfigurations or vulnerabilities that could potentially allow an attacker to include and execute arbitrary files on the target system. The severity of this module is classified as high, indicating the potential for significant impact if left unaddressed.

Impact

A successful exploitation of the local file inclusion vulnerability in the Bullwark Momentum Series JAWS 1.0 software could allow an attacker to access sensitive files or execute arbitrary code on the target system. This can lead to unauthorized access, data leakage, or even complete compromise of the affected system.

How the module works?

The module sends an HTTP request to the target system, attempting to include the "/etc/passwd" file using a specific path traversal technique. The request is crafted to exploit the vulnerability and retrieve the contents of the file. The module then applies matching conditions to determine if the exploitation was successful.

The matching conditions include:

- Status: The response status code must be 200, indicating a successful request. - Regex: The response body must contain the string "root:.*:0:0:", indicating the presence of the root user entry in the "/etc/passwd" file.

If both matching conditions are met, the module reports a vulnerability, indicating that the target system is susceptible to local file inclusion.

For more information about the "Bullwark Momentum Series JAWS 1.0 - Local File Inclusion" module, please refer to the original author's documentation.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
status: 200and
regex: root:.*:0:0:
Passive global matcher
No matching conditions.
On match action
Report vulnerability