
gSOAP 2.8 - Local File Inclusion

By kannthu

High
Vidoc Module
#edb #gsoap #lfi
Description

What is "gSOAP 2.8 - Local File Inclusion"?

The "gSOAP 2.8 - Local File Inclusion" module is designed to detect a vulnerability in the gSOAP 2.8 software. This vulnerability allows for local file inclusion, which can potentially lead to unauthorized access to sensitive files on the target system. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

If successfully exploited, the local file inclusion vulnerability in gSOAP 2.8 can allow an attacker to access and retrieve sensitive files from the target system. This can potentially expose confidential information, such as user credentials or system configuration files.

How does the module work?

The "gSOAP 2.8 - Local File Inclusion" module sends a single HTTP request to the target system. The request attempts to read the "/etc/passwd" file through relative path traversal ("../" sequences in the request path). The module then checks two matching conditions:

    - A match for the regular expression "root:[x*]:0:0" in the response, indicating the successful retrieval of the "/etc/passwd" file.
    - A response status code of 200, indicating a successful HTTP request.

If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

For more information, you can refer to the exploit-db.com page.

Metadata: max-request: 1
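
To find this probe in server logs, the following added example (not part of the Vidoc module or of gSOAP) flags requests whose path climbs above the document root and marks those answered with status 200, the module's second condition. The log lines are constructed samples in Common Log Format, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /../../../../../../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /../../../../../../../../../etc/passwd HTTP/1.1" 404 162
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /service.wsdl HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /docs/../service.wsdl HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def escapes_root(raw_target: str) -> bool:
    """True if the request path climbs above the document root."""
    path = raw_target.split("?", 1)[0]
    # Normalise percent-encoding (twice, for double-encoded input) and
    # backslashes before looking at the path segments.
    path = unquote(unquote(path)).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:          # went above "/" at this point
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def find_traversal(log_text: str):
    """Return (client, target, status, served) for each traversal request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines in another format
        client, _method, target, status = m.groups()
        if escapes_root(target):
            # 200 mirrors the module's status condition: content was returned.
            hits.append((client, target, int(status), status == "200"))
    return hits

if __name__ == "__main__":
    for client, target, status, served in find_traversal(SAMPLE_LOG):
        label = "SERVED" if served else "rejected"
        print(f"{label:8} {client} {status} {target}")
```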

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: root:[x*]:0:0
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability