Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

zhttpd - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is "zhttpd - Local File Inclusion?"

The "zhttpd - Local File Inclusion" module is designed to detect a vulnerability in the zhttpd software. This vulnerability allows unauthenticated users to include local files, including privileged files such as /etc/shadow. The severity of this vulnerability is classified as high.

This module was authored by EvergreenCartoons.


If exploited, this vulnerability can allow an attacker to read sensitive files on the system, potentially leading to further compromise of the system.

How the module works?

The "zhttpd - Local File Inclusion" module works by sending an HTTP request to the target system. The request is designed to include a specific file, in this case, /etc/passwd, which is a commonly targeted file for local file inclusion vulnerabilities.

The module then uses matching conditions to determine if the vulnerability is present. These conditions include checking the response body for the presence of the "root" user entry, checking the response header for the "application/octet-stream" content type, and verifying that the response status code is 200.

If all of these conditions are met, the module reports a vulnerability, indicating that the zhttpd software is vulnerable to unauthenticated local file inclusion.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: root:.*:0:0:and
word: application/octet-streamand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability