Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "EWEBS - Local File Inclusion" module is designed to detect a vulnerability in the EWEBS software. This vulnerability allows remote attackers to disclose the content of locally stored files through the 'Language_S' parameter supplied to the 'casmain.xgi' endpoint. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.
This module was authored by pikpikcu.
A successful exploitation of the local file inclusion vulnerability in EWEBS can lead to the unauthorized disclosure of sensitive information stored on the server. This can include configuration files, user credentials, and other confidential data. Attackers can leverage this information to further compromise the system or launch targeted attacks.
The "EWEBS - Local File Inclusion" module works by sending a POST request to the '/casmain.xgi' endpoint with specific headers and parameters. It then applies matching conditions to determine if the vulnerability is present.
An example of the HTTP request sent by the module:
POST /casmain.xgi HTTP/1.1
Host: [target_host]
Content-Type: application/x-www-form-urlencoded
[Request Body]
The module applies the following matching conditions:
- The response body must contain the words "[Edition]" and "[LocalInfo]". - The response status code must be 200.If both conditions are met, the module reports the vulnerability.
Content-Type: application/x-www-fo...