By kannthu
The "gSOAP 2.8 - Local File Inclusion" module detects a local file inclusion vulnerability in gSOAP 2.8, which can lead to unauthorized access to sensitive files on the target system. The severity of this vulnerability is classified as high.
This module was authored by 0x_Akoko.
If successfully exploited, the local file inclusion vulnerability in gSOAP 2.8 can allow an attacker to access and retrieve sensitive files from the target system. This can potentially expose confidential information, such as user credentials or system configuration files.
The "gSOAP 2.8 - Local File Inclusion" module works by sending a specific HTTP request to the target system. The request attempts to access the "/etc/passwd" file by utilizing a relative path traversal technique. The module then checks for two matching conditions:
If both conditions are met, the module reports a vulnerability.
Example HTTP request:
GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
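
For defenders, the same request shape can be searched for in web server access logs. The following is an added example, not part of the module or the original page: it flags any request whose path climbs above the document root, including percent-encoded dot segments. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /../../../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 153',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /service?wsdl HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def escapes_root(target: str) -> bool:
    """Return True if the request path climbs above the document root."""
    path = target.split("?", 1)[0]
    # Decode twice to catch single- and double-encoded dot segments.
    path = unquote(unquote(path)).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # one more ".." than directories entered
                return True
        else:
            depth += 1
    return False


def find_traversal(lines):
    """Return (client_ip, target, status) for each request that escapes the root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, target, status in find_traversal(SAMPLE_LOG):
        # A 200 response to such a request deserves immediate review.
        print(f"{ip} {status} {target}")
```

A hit with a 200 status is the case to triage first, since it suggests the server returned content for a path outside its root.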
For more information, you can refer to the exploit-db.com page.
Metadata: max-request: 1