Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "GeoVision Geowebserver 5.3.3 - Local File Inclusion" module is designed to detect a vulnerability in the GeoVision Geowebserver software version 5.3.3. This vulnerability allows remote unauthenticated attackers to disclose the content of locally stored files through a technique called local file inclusion. The severity of this vulnerability is classified as high.
This module was authored by madrobot.
If successfully exploited, this vulnerability can expose sensitive information stored on the server. Attackers can gain unauthorized access to files, potentially leading to further compromise of the system and unauthorized disclosure of sensitive data.
The module sends HTTP requests to the target server, attempting to exploit the local file inclusion vulnerability. It uses specific paths and parameters to trigger the vulnerability and retrieve the content of locally stored files.
For example, one of the HTTP requests used by the module is:
GET /Visitor//%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini HTTP/1.1
Host: example.com
The module also includes matching conditions to verify the success of the exploit. It checks the response body for specific words like "bit app support," "fonts," and "extensions." Additionally, it verifies that the HTTP response status is 200.
By combining these techniques, the module can identify instances of the GeoVision Geowebserver 5.3.3 software that are vulnerable to local file inclusion.
Reference: