NS ASG - Local File Inclusion

By kannthu

High
Vidoc Module
#nsasg #lfi
Description

What is "NS ASG - Local File Inclusion"?

The "NS ASG - Local File Inclusion" module is designed to detect a vulnerability in the NS ASG software. This vulnerability is classified as CWE-22 and has a severity level of high, with a CVSS score of 7.5. The module aims to identify instances where the software is susceptible to local file inclusion attacks.

Impact

A successful local file inclusion attack can allow an attacker to read sensitive files on the server, potentially exposing confidential information or gaining unauthorized access to the system. This can lead to further exploitation and compromise of the affected system.

How does the module work?

The module works by sending HTTP requests to specific paths within the target application. It checks for the presence of certain patterns in the response to determine if the vulnerability exists. In the case of the "NS ASG - Local File Inclusion" module, it looks for paths that include the "cert_download.php" file and attempts to include arbitrary files using the "file" and "certfile" parameters.

For example, it may send requests like:

GET /admin/cert_download.php?file=pqpqpqpq.txt&certfile=../../../../../../../../etc/passwd
GET /admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php

The module then applies matching conditions to the response to determine if the vulnerability is present. It checks the response body for the "root:.*:0:0:" pattern, or for the words "$certfile" and "application/pdf".

If any of the matching conditions are met, the module reports the vulnerability, indicating that the target application is vulnerable to local file inclusion.
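A defender-side check for the requests described above, as an added example that is not part of the Vidoc module: it scans web access logs for calls to cert_download.php whose certfile value contains a traversal sequence, an absolute path, or a .php file name. The log lines are constructed, and the combined log format, function names and classification rules are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format assumed), for illustration only.
# The fourth line is a percent-encoded traversal value: matching must happen after decoding.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/cert_download.php?file=pqpqpqpq.txt&certfile=../../../../../../../../etc/passwd HTTP/1.1" 200 1432
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php HTTP/1.1" 200 2210
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /admin/cert_download.php?file=site.crt&certfile=site.crt HTTP/1.1" 200 1100
198.51.100.7 - - [01/Jan/2024:10:06:00 +0000] "GET /admin/cert_download.php?file=a.txt&certfile=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403 0
203.0.113.5 - - [01/Jan/2024:10:07:00 +0000] "GET /index.php?certfile=../x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(certfile):
    """Return a reason if the decoded certfile value looks like an LFI probe, else None."""
    normalized = certfile.replace("\\", "/")
    if ".." in normalized.split("/"):
        return "path traversal"
    if normalized.startswith("/"):
        return "absolute path"
    if normalized.lower().endswith(".php"):
        return "script source read"
    return None

def find_lfi_probes(log_text):
    """Return (client, status, reason, decoded value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/cert_download.php"):
            continue  # only the endpoint this module targets
        # parse_qs percent-decodes values once, so %2e%2e%2f becomes ../
        for value in parse_qs(url.query).get("certfile", []):
            reason = classify(value)
            if reason:
                hits.append((client, int(status), reason, value))
    return hits

if __name__ == "__main__":
    for hit in find_lfi_probes(SAMPLE_LOG):
        print(hit)
```

A hit logged with status 200 is the one to follow up first: compare the response size and body with what a normal certificate download returns.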

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /admin/cert_download... /admin/cert_download...
Matching conditions
regex: root:.*:0:0:
or
word: $certfile, application/pdf
Passive global matcher
No matching conditions.
On match action
Report vulnerability