By kannthu
The "yishaadmin - Local File Inclusion" module is designed to detect a vulnerability known as Local File Inclusion (LFI) in the yishaadmin software. LFI allows an attacker to include local files on the server, potentially leading to unauthorized access, information disclosure, or even remote code execution. This vulnerability has a high severity level and should be addressed immediately.
This module was authored by Evan Rubinstein.
If the "yishaadmin - Local File Inclusion" vulnerability is successfully exploited, an attacker can download, read, or delete files on the server without any authentication. This can lead to the exposure of sensitive information, compromise of user data, or even complete system compromise.
The module sends an HTTP request to the "/admin/File/DownloadFile" endpoint with a specific file path parameter. It then checks for two matching conditions:
If both conditions are met, the module reports a vulnerability.
Here is an example of the HTTP request sent by the module:
GET /admin/File/DownloadFile?filePath=wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd&delete=0 HTTP/1.1
Host: {%Hostname%}
Please note that the actual hostname will be substituted in place of "{%Hostname%}".
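The filePath value in the request above is built from "..././" segments rather than plain "../". The following Python example is added here to show, from the defender's side, why a download handler that merely strips "../" from the parameter is not a fix, and what a containment check on the resolved path looks like. It is illustrative code written for this page, not Vidoc's module and not yishaadmin's own handler; the web root "/srv/app" and both handler functions are assumptions, and the payload string is the one quoted in the request above.

```python
import posixpath

# Constructed sample: the filePath value from the module's request quoted on this page.
MODULE_PAYLOAD = "wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"

# Assumed web root for the demonstration (hypothetical; not a yishaadmin path).
WEB_ROOT = "/srv/app"


def naive_strip_traversal(user_path: str) -> str:
    """Weak setting (hypothetical handler): delete every '../' substring in one pass.

    A single pass turns '..././' into '../': removing the middle '../' leaves the
    outer '.' and the trailing './' behind, so the filter manufactures the very
    traversal it was meant to remove.
    """
    return user_path.replace("../", "")


def resolve_within_root(root: str, user_path: str):
    """Hardened check: join the request onto the root, normalise the result, and
    refuse anything that does not stay inside the root.

    Returns the normalised absolute path the handler may open, or None when the
    request escapes. posixpath.normpath is a pure string operation, so this runs
    offline; a production handler should additionally apply os.path.realpath to
    the final path so symlinks inside the root cannot point back out.
    """
    root_norm = posixpath.normpath(root)
    # posixpath.join discards root when user_path is absolute; the containment
    # test below still rejects such a path because it will not sit under root.
    candidate = posixpath.normpath(posixpath.join(root_norm, user_path))
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


def classify(user_path: str, root: str = WEB_ROOT) -> dict:
    """Show what each approach does with one filePath value.

    'raw_resolves_to'      : the path a handler gets if it normalises and checks
                             containment on the untouched parameter.
    'stripped'             : the parameter after the naive single-pass filter.
    'stripped_resolves_to' : the path the naive filter's output actually reaches
                             (None means the containment check rejected it).
    """
    stripped = naive_strip_traversal(user_path)
    return {
        "raw_resolves_to": resolve_within_root(root, user_path),
        "stripped": stripped,
        "stripped_resolves_to": resolve_within_root(root, stripped),
    }


if __name__ == "__main__":
    for key, value in classify(MODULE_PAYLOAD).items():
        print(f"{key:22}: {value}")
```

Run as a script, the untouched payload normalises to a literal "..." directory chain under the web root (harmless on its own), while the naive filter's output collapses to /etc/passwd and is rejected only because the containment check runs on the final resolved path. The practical rule this demonstrates: validate the path you are actually about to open, after all decoding and rewriting, rather than filtering the raw parameter.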
It is important to address this vulnerability promptly to prevent potential unauthorized access and data breaches.