Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PMB 5.6 - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is "PMB 5.6 - Local File Inclusion?"

The "PMB 5.6 - Local File Inclusion" module is designed to detect a vulnerability in the PMB 5.6 software. This vulnerability is classified as high severity and can potentially lead to unauthorized access to sensitive files on the server. The module was authored by geeknik.


If exploited, the local file inclusion vulnerability in PMB 5.6 can allow an attacker to retrieve sensitive files from the server. This can include files containing sensitive information such as user credentials, configuration files, or other sensitive data.

How does the module work?

The module sends HTTP requests to the target server, specifically targeting the "getgif.php" endpoint with a manipulated "chemin" parameter. The module checks if the response contains the string "root:.*:0:0:" using regular expression matching. Additionally, it verifies that the response status is 200.

Here is an example of an HTTP request sent by the module:

GET /opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik

The module then evaluates the matching conditions to determine if the vulnerability is present. If both conditions are met, the module reports the vulnerability.

For more information, you can refer to the Packet Storm Security website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: root:.*:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability