zhttpd - Local File Inclusion

What is "zhttpd - Local File Inclusion?"

The "zhttpd - Local File Inclusion" module is designed to detect a vulnerability in the zhttpd software. This vulnerability allows unauthenticated users to include local files, including privileged files such as /etc/shadow. The severity of this vulnerability is classified as high.

This module was authored by EvergreenCartoons.

Impact

If exploited, this vulnerability can allow an attacker to read sensitive files on the system, potentially leading to further compromise of the system.

How the module works?

The "zhttpd - Local File Inclusion" module works by sending an HTTP request to the target system. The request is designed to include a specific file, in this case, /etc/passwd, which is a commonly targeted file for local file inclusion vulnerabilities.

The module then uses matching conditions to determine if the vulnerability is present. These conditions include checking the response body for the presence of the "root" user entry, checking the response header for the "application/octet-stream" content type, and verifying that the response status code is 200.

If all of these conditions are met, the module reports a vulnerability, indicating that the zhttpd software is vulnerable to unauthenticated local file inclusion.