Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "PMB 5.6 - Local File Inclusion" module is designed to detect a vulnerability in the PMB 5.6 software. This vulnerability is classified as high severity and can potentially lead to unauthorized access to sensitive files on the server. The module was authored by geeknik.
If exploited, the local file inclusion vulnerability in PMB 5.6 can allow an attacker to retrieve sensitive files from the server. This can include files containing sensitive information such as user credentials, configuration files, or other sensitive data.
The module sends HTTP requests to the target server, specifically targeting the "getgif.php" endpoint with a manipulated "chemin" parameter. The module checks if the response contains the string "root:.*:0:0:" using regular expression matching. Additionally, it verifies that the response status is 200.
Here is an example of an HTTP request sent by the module:
GET /opac_css/getgif.php?chemin=../../../../../../etc/passwd&nomgif=tarik
The module then evaluates the matching conditions to determine if the vulnerability is present. If both conditions are met, the module reports the vulnerability.
For more information, you can refer to the Packet Storm Security website.