Wooyun - Local File Inclusion

What is "Wooyun - Local File Inclusion?"

The "Wooyun - Local File Inclusion" module is designed to detect a vulnerability known as local file inclusion (LFI) in the Wooyun software. LFI is a type of security vulnerability that allows an attacker to include files from the target system's file system. This module specifically targets the Wooyun software, which is a web application vulnerability scanning platform.

This module has a severity level of high, indicating that if the vulnerability is present, it can pose a significant risk to the security of the target system.

Impact

If the "Wooyun - Local File Inclusion" vulnerability is successfully exploited, an attacker can gain unauthorized access to sensitive files on the target system. This can lead to the exposure of confidential information, such as database credentials, configuration files, or other sensitive data. Additionally, an attacker may be able to execute arbitrary code or commands on the target system, potentially compromising its integrity and availability.

How the module works?

The "Wooyun - Local File Inclusion" module works by sending a specific HTTP request to the target system and then analyzing the response to determine if the LFI vulnerability is present. The module sends a GET request to the "/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml" path, which is a common path vulnerable to LFI attacks in the Wooyun software.

The module uses two matching conditions to confirm the presence of the vulnerability. First, it checks the HTTP response status code, expecting a 200 status code indicating a successful response. Then, it searches for specific words ("" and "") in the response body, which are indicative of the presence of sensitive information that can be accessed through LFI.

If both matching conditions are met, the module reports the vulnerability as detected.