Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Seeyon WooYun - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is the "Seeyon WooYun - Local File Inclusion?" module?

The "Seeyon WooYun - Local File Inclusion" module is designed to detect a vulnerability in the Seeyon WooYun software. This vulnerability allows remote attackers to include the content of locally stored files and disclose it back to the attacker through a technique called local file inclusion. The severity of this vulnerability is classified as high.

This module was authored by princechaddha.


If successfully exploited, this vulnerability can lead to the unauthorized disclosure of sensitive information stored on the server. Attackers can potentially access files that should not be publicly accessible, such as configuration files or user data.

How does the module work?

The "Seeyon WooYun - Local File Inclusion" module sends an HTTP GET request to the "/NCFindWeb?service=IPreAlertConfigService&filename=WEB-INF/web.xml" path. It then applies several matching conditions to determine if the vulnerability is present.

The matching conditions for this module are as follows:

- The response status code must be 200. - The response body must contain the string "<servlet-name>NCInvokerServlet</servlet-name>". - The response header must contain the string "application/xml".

If all of these conditions are met, the module reports the vulnerability.



CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS-Score: 7.5


Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: <servlet-name>NCInvokerServlet</servlet-...and
word: application/xml
Passive global matcher
No matching conditions.
On match action
Report vulnerability