
OpenCTI 3.3.1 - Local File Inclusion

By kannthu

High
Vidoc Module
#opencti #lfi #oss
Description

What is "OpenCTI 3.3.1 - Local File Inclusion"?

The "OpenCTI 3.3.1 - Local File Inclusion" module is designed to detect a vulnerability in the OpenCTI 3.3.1 software. OpenCTI is an open-source platform used for threat intelligence and security incident response. This module specifically targets the OpenCTI software version 3.3.1 and identifies instances of local file inclusion.

The severity of this vulnerability is classified as high, indicating the potential for significant impact if exploited. The original author of this module is 0x_Akoko.

Impact

A local file inclusion vulnerability allows an attacker to include arbitrary files from the target system, potentially exposing sensitive information or executing malicious code. In the case of OpenCTI 3.3.1, this vulnerability could lead to unauthorized access to system files or the execution of arbitrary commands.

How does the module work?

The "OpenCTI 3.3.1 - Local File Inclusion" module works by sending HTTP requests to the target system and analyzing the responses for specific conditions. It checks for the presence of a particular file path that indicates a potential local file inclusion vulnerability.

For example, one of the HTTP requests sent by this module is:

GET /static/css//../../../../../../../../etc/passwd

The module then applies matching conditions to the response to determine if the vulnerability is present. In this case, it checks if the response contains the string "root:[x*]:0:0" and if the HTTP status code is 200.

If both conditions are met, the module reports the vulnerability.
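
The same request can be looked for from the defender's side in web access logs. The following is an added example, not part of the Vidoc module or of OpenCTI: it flags requests whose path climbs out of the static directory and separates those answered with status 200 from the rest. The log lines are constructed, and the `/static` root, the log format and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format), not captured traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jun/2020:10:01:02 +0000] "GET /static/css/main.css HTTP/1.1" 200 5120
198.51.100.7 - - [12/Jun/2020:10:01:05 +0000] "GET /static/css//../../../../../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.9 - - [12/Jun/2020:10:02:11 +0000] "GET /static/css//../../../../../../../../etc/passwd HTTP/1.1" 404 153
203.0.113.9 - - [12/Jun/2020:10:02:30 +0000] "GET /static/css/../js/app.js HTTP/1.1" 200 9001
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
STATIC_ROOT = "/static"  # assumed static mount, taken from the request path on this page

def escapes_root(target, root=STATIC_ROOT):
    """True if the request path climbs above `root` via '..' segments."""
    path = unquote(target.split("?", 1)[0])  # drop query, decode percent-escapes
    if not path.startswith(root + "/"):
        return False
    depth = 0
    for seg in path[len(root):].split("/"):
        if seg in ("", "."):
            continue  # empty segments ('//') and '.' do not change depth
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True  # walked out of the static directory
        else:
            depth += 1
    return False

def find_traversal(log_text):
    """Return (client, target, status, verdict) for each escaping request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        if escapes_root(target):
            # 200 mirrors the module's status condition; the body is not logged.
            verdict = "served" if status == 200 else "attempt"
            hits.append((client, target, status, verdict))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A "served" hit only says the server answered 200; whether file contents were returned has to be confirmed on the host, since the response body that the module's regex inspects is not in the log.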

Reference:

- https://cxsecurity.com/issue/WLB-2020060078
- https://github.com/OpenCTI-Platform/opencti/rele

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /static/css//../../....
Matching conditions
regex: root:[x*]:0:0 and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability