PMB 5.6 - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
Tags: #lfi #pmb #edb
Description

What is "PMB 5.6 - Local File Inclusion"?

The "PMB 5.6 - Local File Inclusion" module is designed to detect a vulnerability in the PMB 5.6 software. This vulnerability is classified as CWE-22 and has a severity level of high. The module aims to identify instances where the software is susceptible to local file inclusion attacks.

Author: dhiyaneshDk

Impact

A successful local file inclusion attack on PMB 5.6 can allow an attacker to access sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation of the system.

How does the module work?

The module sends an HTTP GET request to the "/pmb/opac_css/getgif.php" endpoint with specific parameters that include a path traversal payload ("chemin=../../../../../../etc/passwd") and a filename ("nomgif=nuclei").

The module then applies matching conditions to the response to determine if the attack was successful. It checks if the response status is 200 and if the response body contains the string "root:x:0". If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=nuclei

Matching conditions:

- Status code: 200
- Response body contains: "root:x:0"

Reference: https://www.exploit-db.com/exploits/49054

Metadata: max-request: 1
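
A defender-side counterpart to the check described above, added here as an example (it is not part of the Vidoc module or the original page): it scans web access logs for getgif.php requests whose "chemin" parameter resolves to a path traversal, including repeatedly percent-encoded forms. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /pmb/opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=nuclei HTTP/1.1" 200 1432 "-" "-"
198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /pmb/opac_css/getgif.php?chemin=%252e%252e%252f%252e%252e%252fetc%252fpasswd&nomgif=x HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [10/Jan/2024:10:00:03 +0000] "GET /pmb/opac_css/getgif.php?chemin=./images/&nomgif=logo HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [10/Jan/2024:10:00:04 +0000] "GET /pmb/opac_css/index.php?lvl=home HTTP/1.1" 200 9000 "-" "-"
"""

# client, method, request target, status (assumed combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A ".." path segment delimited by a separator or the string boundary
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_getgif_traversal(log_text):
    """Return (client, status, decoded chemin) for suspicious getgif.php hits."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/opac_css/getgif.php"):
            continue
        # parse_qs decodes one layer; fully_decode strips any further layers
        for raw in parse_qs(url.query).get("chemin", []):
            chemin = fully_decode(raw)
            if TRAVERSAL_RE.search(chemin):
                hits.append((client, int(status), chemin))
    return hits


if __name__ == "__main__":
    for client, status, chemin in find_getgif_traversal(SAMPLE_LOG):
        print(f"{client} status={status} chemin={chemin}")
```

Hits logged with status 200 deserve review first, since that is the status the module treats as one of its two success conditions; the access log does not record the response body, so the "root:x:0" condition cannot be confirmed from it.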

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /pmb/opac_css/getgif...

Matching conditions: status: 200 and word: root:x:0

Passive global matcher: No matching conditions.

On match action: Report vulnerability