elFinder <=2.1.12 - Local File Inclusion

What is the "elFinder <=2.1.12 - Local File Inclusion?" module?

The "elFinder <=2.1.12 - Local File Inclusion" module is designed to detect a vulnerability in the elFinder software version 2.1.12 and below. This vulnerability allows unauthenticated remote attackers to perform local file inclusion, potentially leading to unauthorized access, data manipulation, and other security risks. The severity of this vulnerability is classified as high.

This module was authored by ritikchaddha.

Impact

If exploited, the "elFinder <=2.1.12 - Local File Inclusion" vulnerability can have significant consequences. Attackers can leverage this vulnerability to read, write, and potentially manipulate files on the target system. This can lead to unauthorized access to sensitive information, data leakage, and potential compromise of the entire system.

How does the module work?

The "elFinder <=2.1.12 - Local File Inclusion" module works by sending an HTTP request to the target system's "Connector.minimal.php" file. The request includes a specific command and target parameter that triggers the local file inclusion vulnerability. The module then checks the response for specific conditions to determine if the vulnerability is present.

One example of an HTTP request sent by the module is:

GET /php/connector.minimal.php?cmd=file&target=l1_Li8vLi4vLy4uLy8uLi8vLi4vLy4uLy8uLi9ldGMvcGFzc3dk&download=1 HTTP/1.1
Host: {%Hostname%}
Content-Type: application/x-www-form-urlencoded

The module includes matching conditions to validate the presence of the vulnerability. In this case, it checks for the presence of the string "root:.*:0:0:" in the response, indicating a successful local file inclusion. Additionally, it verifies that the HTTP response status is 200, indicating a successful request.

By detecting these conditions, the module can identify if the target system is vulnerable to the "elFinder <=2.1.12 - Local File Inclusion" vulnerability.