MagicFlow - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
#magicflow #lfi
Description

What is "MagicFlow - Local File Inclusion"?

The "MagicFlow - Local File Inclusion" module is designed to detect local file inclusion vulnerabilities in the MagicFlow software. This vulnerability allows remote unauthenticated users to access locally stored files on the server. The severity of this vulnerability is classified as high, with a CVSS score of 8.6.

This module was authored by gy741.

Impact

A successful exploitation of the local file inclusion vulnerability in MagicFlow can lead to unauthorized access to sensitive files stored on the server. This can potentially expose sensitive information, such as system configuration files or user credentials, to malicious actors.

How does the module work?

The "MagicFlow - Local File Inclusion" module works by sending HTTP requests to the target server and checking for specific conditions in the response. It checks the response body for a match of the regular expression "root:.*:0:0:", which corresponds to the root user's entry in the /etc/passwd file. Additionally, it verifies that the HTTP response status code is 200.

Here is an example of an HTTP request used by the module:

GET /msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile=../../../../../../etc/passwd HTTP/1.1
Host: [target server]

The module matches the response against the defined conditions and reports a vulnerability if both conditions are met.
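
For defenders, the request shape above can be hunted for in web server access logs. The following is an added example, not part of the Vidoc module or the original page: it assumes Combined Log Format, uses constructed sample lines, and its function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Combined Log Format (assumed): client IP, request target, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# A ".." path segment delimited by / or \ (or the start/end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample lines (documentation IP ranges), not real traffic.
PREFIX = "/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=msagroup.txt+downLoadFile="
SAMPLE_LOG = [
    f'198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET {PREFIX}../../../../../../etc/passwd HTTP/1.1" 200 1843',
    f'198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET {PREFIX}%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    f'192.0.2.10 - - [12/Mar/2024:10:02:11 +0000] "GET {PREFIX}msagroup.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Mar/2024:10:02:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded ../ is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def download_file_param(target):
    """Return the decoded downLoadFile value of a /msa/main.xp request, else None."""
    path, _, query = target.partition("?")
    if not decode_fully(path).lower().endswith("/msa/main.xp"):
        return None
    # The request shown on the page joins parameters with '+', so split on '+' and '&'.
    for pair in re.split(r"[+&]", query):
        name, _, value = pair.partition("=")
        if name.lower() == "downloadfile":
            return decode_fully(value)
    return None

def find_traversal_attempts(lines):
    """Flag requests whose downLoadFile value has a '..' segment (logs lack the body,
    so a 200 here meets only the status half of the module's two conditions)."""
    hits = []
    for m in filter(None, map(LOG_RE.match, lines)):
        value = download_file_param(m["target"])
        if value and TRAVERSAL_RE.search(value):
            hits.append({"ip": m["ip"], "status": int(m["status"]), "file": value})
    return hits

if __name__ == "__main__":
    print(*find_traversal_attempts(SAMPLE_LOG), sep="\n")
```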

Classification:

CWE-ID: CWE-22

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS-Score: 8.6

For more information about the "MagicFlow - Local File Inclusion" module, please refer to the Vidoc platform documentation.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /msa/main.xp?Fun=msa.../msa/../../../../../...
Matching conditions
regex: root:.*:0:0:
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability