
FeiFeiCms - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
#feifeicms #lfi
Description

What is "FeiFeiCms - Local File Inclusion"?

The "FeiFeiCms - Local File Inclusion" module is designed to detect a vulnerability in the FeiFeiCms software. FeiFeiCms is a content management system that allows users to create and manage websites. This module specifically targets the local file inclusion vulnerability, which can allow an attacker to include arbitrary files from the server's file system.

This vulnerability has a high severity level, indicating that it can potentially lead to unauthorized access to sensitive information or even compromise the entire system.

This module was authored by princechaddha.

Impact

If the FeiFeiCms software is vulnerable to local file inclusion, an attacker can exploit this vulnerability to access sensitive files on the server. This can include configuration files, which may contain database credentials or other sensitive information. The attacker can then use this information to further compromise the system or gain unauthorized access to other resources.

How does the module work?

The "FeiFeiCms - Local File Inclusion" module works by sending a specific HTTP request to the target server. The request path includes a parameter that allows the attacker to traverse the file system and access files outside of the intended directory.

For example, the module may send a request like:

GET /index.php?s=Admin-Data-down&id=../../Conf/config.php

The module then includes matching conditions to determine if the vulnerability is present. In this case, it checks for a response status code of 200 and looks for specific words in the response body, such as "

For more information, you can refer to the following resources:

- https://www.cnblogs.com/jinqi520/p/10202615.html
- https://gitee.com/daicuo/feifeicms
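
A defender-side counterpart to the request shown above, as an added example that is not part of the Vidoc module or of FeiFeiCms: it scans web access logs for requests to the `Admin-Data-down` route whose `id` parameter leaves the intended directory. The log lines, the combined log format, and the function names `normalize` and `find_lfi_probes` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:22 +0000] "GET /index.php?s=Admin-Data-down&id=../../Conf/config.php HTTP/1.1" 200 812
203.0.113.7 - - [12/Mar/2024:10:01:25 +0000] "GET /index.php?s=admin-data-down&id=%2e%2e%2f%2e%2e%2fConf%2fconfig.php HTTP/1.1" 200 812
198.51.100.4 - - [12/Mar/2024:10:02:01 +0000] "GET /index.php?s=Admin-Data-down&id=backup_2024.sql HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2024:10:03:10 +0000] "GET /index.php?page=2 HTTP/1.1" 200 9001
192.0.2.15 - - [12/Mar/2024:10:04:44 +0000] "GET /index.php?s=Admin-Data-down&id=../../Conf/config.php HTTP/1.1" 404 153
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def find_lfi_probes(log_text):
    """Return one dict per request that hits the route with a traversing id."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, target, status = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # Case-insensitive route match is a conservative assumption.
        if params.get("s", [""])[0].lower() != "admin-data-down":
            continue
        for raw in params.get("id", []):
            path = normalize(raw)
            if ".." in path.split("/") or path.startswith("/"):
                # Status 200 is the module's first matching condition,
                # so hits with served=True deserve triage first.
                hits.append({"ip": ip, "time": when, "id": path,
                             "served": status == "200"})
                break
    return hits

if __name__ == "__main__":
    for hit in find_lfi_probes(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true only shows that the server answered 200; whether configuration contents were returned still has to be confirmed from the response or the application side.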

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.php?s=Admin-D...
Matching conditions
status: 200 and
word: <?php, db_name, db_pwd, db_host
Passive global matcher
No matching conditions.
On match action
Report vulnerability