yishaadmin - Local File Inclusion

By kannthu

High
Vidoc Module
#lfi #yishaadmin #huntr
Description

What is "yishaadmin - Local File Inclusion"?

The "yishaadmin - Local File Inclusion" module is designed to detect a vulnerability known as Local File Inclusion (LFI) in the yishaadmin software. LFI allows an attacker to include local files on the server, potentially leading to unauthorized access, information disclosure, or even remote code execution. This vulnerability has a high severity level and should be addressed immediately.

This module was authored by Evan Rubinstein.

Impact

If the "yishaadmin - Local File Inclusion" vulnerability is successfully exploited, an attacker can download, read, or delete files on the server without any authentication. This can lead to the exposure of sensitive information, compromise of user data, or even complete system compromise.

How does the module work?

The module sends an HTTP request to the "/admin/File/DownloadFile" endpoint with a specific file path parameter. It then checks for two matching conditions:

    - The response matches the regular expression "root:.*:0:0:", indicating the presence of the root user entry from the "/etc/passwd" file.
    - The response status code is 200, indicating a successful request.

If both conditions are met, the module reports a vulnerability.

Here is an example of the HTTP request sent by the module:

GET /admin/File/DownloadFile?filePath=wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd&delete=0 HTTP/1.1
Host: {%Hostname%}

Please note that the actual hostname will be substituted in place of "{%Hostname%}".

It is important to address this vulnerability promptly to prevent potential unauthorized access and data breaches.
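
One way to close this class of bug, shown as an added example (not yishaadmin's or Vidoc's code): canonicalise the requested path and serve it only if the result stays under the web root. `APP_ROOT`, `strip_once` and `resolve_inside` are hypothetical names, and the single-pass filter is an assumption used to show how the `filePath` value behaves after stripping; the page does not say how yishaadmin handles the parameter.

```python
import posixpath

APP_ROOT = "/srv/app"            # assumed application root (constructed for the example)
ALLOWED = APP_ROOT + "/wwwroot"  # only files below this directory may be served

# filePath value copied from the request shown above
PAYLOAD = ("wwwroot/..././/..././/..././/..././/..././/..././/"
           "..././/..././etc/passwd")


def strip_once(path):
    """Hypothetical weak filter: delete every '../' in a single pass."""
    return path.replace("../", "")


def weak_target(user_path):
    """Path a strip-then-join handler would end up opening."""
    return posixpath.normpath(posixpath.join(APP_ROOT, strip_once(user_path)))


def resolve_inside(user_path):
    """Return the canonical path if it stays under ALLOWED, else None.

    The check runs on the final string that would be opened, after every
    other transformation. normpath is lexical only; a real handler should
    also resolve symlinks (os.path.realpath) before comparing.
    """
    if "\x00" in user_path or user_path.startswith("/"):
        return None
    full = posixpath.normpath(posixpath.join(APP_ROOT, user_path))
    # The trailing slash stops a sibling such as /srv/app/wwwroot-backup from passing.
    if not full.startswith(ALLOWED + "/"):
        return None
    return full


if __name__ == "__main__":
    print("after single-pass strip:", weak_target(PAYLOAD))
    print("checked after strip    :", resolve_inside(strip_once(PAYLOAD)))
    print("checked, no stripping  :", resolve_inside(PAYLOAD))
    print("ordinary download      :", resolve_inside("wwwroot/files/report.pdf"))
```

Without any stripping, the same value resolves to directories literally named `...` under the web root and simply does not exist, which is why rejecting on the canonical path is safer than trying to remove traversal sequences.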

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: root:.*:0:0:
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability