Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Crystal Live HTTP Server 6.01 - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#lfi#crystal
Description

Crystal Live HTTP Server 6.01 - Local File Inclusion

What is the Crystal Live HTTP Server 6.01 - Local File Inclusion?

The Crystal Live HTTP Server 6.01 - Local File Inclusion module is designed to detect and report vulnerabilities related to local file inclusion in Crystal Live HTTP Server 6.01. This module focuses on identifying misconfigurations or vulnerabilities that could potentially allow an attacker to include and execute arbitrary files on the server.

This module has a severity level of high, indicating that the identified vulnerabilities can have a significant impact on the security and functionality of the server.

The Crystal Live HTTP Server 6.01 - Local File Inclusion module was created by an undisclosed author.

Impact

A successful exploitation of the local file inclusion vulnerability in Crystal Live HTTP Server 6.01 can lead to unauthorized access to sensitive files and directories on the server. This can potentially expose confidential information, compromise the integrity of the server, and enable further attacks.

How the module works?

The Crystal Live HTTP Server 6.01 - Local File Inclusion module works by sending HTTP requests to the target server and analyzing the responses for specific patterns. It specifically targets the vulnerability by attempting to include files located outside the intended directory structure.

An example of an HTTP request used by this module is:

GET /../../../../../../../../../../../../windows/win.ini

The module then examines the response body for the presence of certain keywords, such as "bit app support," "fonts," and "extensions." If these keywords are found, it indicates a potential successful inclusion of the specified file.

The matching conditions for this module are:

- The response body must contain the words "bit app support," "fonts," and "extensions" (all conditions must be met).

By detecting these conditions, the module can identify instances of local file inclusion vulnerabilities in Crystal Live HTTP Server 6.01.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/../../../../../../....
Matching conditions
word: bit app support, fonts, extensions
Passive global matcher
No matching conditions.
On match action
Report vulnerability