Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion" module is designed to detect a vulnerability in the Xerox DC260 EFI Fiery Controller Webtools 2.0 software. This vulnerability is classified as CWE-22 and has a severity level of high. The module was authored by gy741.
A local file inclusion vulnerability allows an attacker to include arbitrary files from the target system. In the case of the Xerox DC260 EFI Fiery Controller Webtools 2.0, this vulnerability can be exploited to read sensitive files, such as the "/etc/passwd" file, which contains user account information.
The module sends an HTTP GET request to the "/wt3/forceSave.php" script with the "file" parameter set to "/etc/passwd". It then applies two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports the vulnerability.