
Groupoffice 3.4.21 - Local File Inclusion

By kannthu

High
Vidoc Module
#groupoffice #lfi #traversal
Description

What is "Groupoffice 3.4.21 - Local File Inclusion"?

The "Groupoffice 3.4.21 - Local File Inclusion" module is designed to detect a vulnerability in the Groupoffice software version 3.4.21. Groupoffice is a collaborative software suite that provides email, calendars, contacts, tasks, and more. This module specifically targets the Local File Inclusion (LFI) vulnerability in Groupoffice 3.4.21.

The severity of this vulnerability is classified as high, indicating that it poses a significant risk to the security of the software and potentially the entire system.

Impact

Successful exploitation of the Local File Inclusion vulnerability in Groupoffice 3.4.21 can allow an attacker to access sensitive files on the server. This can lead to unauthorized disclosure of sensitive information, such as user credentials, configuration files, or other sensitive data stored on the server.

How does the module work?

The module sends an HTTP GET request to the "/compress.php" endpoint with a specific parameter that includes a file path traversal payload. The payload attempts to access files outside of the intended directory, such as the "/etc/passwd" file.

The module then applies matching conditions to the response received from the server. It checks whether the response matches the regular expression "root:[x*]:0:0", which corresponds to the root user's entry in the "/etc/passwd" file (a password field of "x" or "*", followed by UID 0 and GID 0). Additionally, it verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability, indicating that the Groupoffice 3.4.21 installation is susceptible to Local File Inclusion.

For example, the module sends the following HTTP GET request:

GET /compress.php?file=../../../../../../../etc/passwd

The module expects the response to match the regular expression "root:[x*]:0:0" and the HTTP status code to be 200.

It is important to address this vulnerability promptly by applying the necessary patches or updates provided by the Groupoffice software developers. This will help mitigate the risk of unauthorized access to sensitive files and protect the overall security of the system.
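To check whether the request pattern described above has already reached a server, the following added example (not part of the Vidoc module or of Groupoffice) scans web access-log lines for "/compress.php" requests whose "file" parameter climbs out of its directory. The combined log format, the sample lines and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%252e) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(value):
    """True if the file parameter climbs out of its directory or is absolute."""
    path = normalise(value)
    return path.startswith("/") or ".." in path.split("/")

def scan(lines):
    """Return (ip, status, decoded_file, severity) for suspicious compress.php hits."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/compress.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if is_traversal(raw):
                # Status 200 means the request succeeded, so a file may have been returned.
                sev = "investigate" if m["status"] == "200" else "attempt"
                findings.append((m["ip"], int(m["status"]), normalise(raw), sev))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /compress.php?file=../../../../../../../etc/passwd HTTP/1.1" 200 1432 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /compress.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /compress.php?file=themes/Default/style.css HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Entries marked "investigate" returned status 200 and are the ones to correlate with response sizes and the patch state of the installation.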

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /compress.php?file=....
Matching conditions
regex: root:[x*]:0:0
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability