By kannthu
The "UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read" module is designed to detect a vulnerability in the UniSharp Laravel File Manager 2.0.0 software. This vulnerability allows an attacker to perform arbitrary file reads, potentially exposing sensitive information.
This module has a severity level of high, indicating the potential impact of the vulnerability.
If successfully exploited, this vulnerability can allow an attacker to read arbitrary files on the target system. This can lead to the exposure of sensitive information, such as configuration files or user credentials, which can be used for further attacks.
The module sends an HTTP GET request to the "/laravel-filemanager/download" endpoint with specific parameters. It attempts to read the "/etc/passwd" file by manipulating the "working_dir" parameter. The module then applies matching conditions to determine if the vulnerability is present.
The matching conditions include:
- A regular expression match on the response body, looking for the presence of the "root" user entry in the "/etc/passwd" file.
- A status code match, checking if the response returns a 200 OK status.

If both matching conditions are met, the module identifies the vulnerability and reports it.
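
To check web server access logs for the kind of request this module sends, the following added example (not part of the module or of the original page) flags requests to the download endpoint whose "working_dir" value contains a parent-directory segment after decoding, and reports the status code returned. The combined log format, the ".." heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/laravel-filemanager/download"   # endpoint named on the page
PARAM = "working_dir"                        # parameter named on the page

# Assumed log layout: combined log format (client IP, quoted request, status).
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252F) a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_dir(value):
    """Assumed heuristic: a '..' path segment in working_dir after decoding."""
    segments = re.split(r"[\\/]+", fully_decode(value))
    return ".." in segments

def scan(lines):
    """Return (ip, status, decoded working_dir) for each flagged request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != ENDPOINT:
            continue  # only the file manager download endpoint is of interest
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious_dir(raw):
                hits.append((m["ip"], int(m["status"]), fully_decode(raw)))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /laravel-filemanager/download?working_dir=%2Fshares%2Fphotos HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /laravel-filemanager/download?working_dir=%2F..%2F..%2Fetc HTTP/1.1" 200 1873',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /laravel-filemanager/download?working_dir=%252F..%252F..%252Fetc HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?working_dir=../ HTTP/1.1" 200 300',
]
```

A flagged request that returned status 200 corresponds to the module's status-code condition and should be reviewed first; other status codes indicate an attempt that the server did not serve.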
For more information about the UniSharp Laravel File Manager 2.0.0 software and this specific vulnerability, please refer to the original author's documentation.