==============================================================================
Fork-CMS Local File Inclusion:
Author: Rafay Baloch
Introduction:
Local file inclusion vulnerabilities occur when the argument passed to an include
function is not properly sanitized. LFI is classified in the OWASP Top 10 under
"A4 Insecure Direct Object References" and is also commonly known as a form of
"Directory traversal attack".
Impact:
Depending upon the scenario, if the /proc/environ file is accessible, LFI could
be used to upload a shell/backdoor onto the server.
If /proc/environ is not accessible, LFI can be combined with log file inclusion
to achieve RCE (remote code execution) on the server.
Proof of Concept:
The URL below displays the contents of the /etc/passwd file. The passwords are
shadowed and would be accessible in /etc/shadow only with root privileges, but
LFI still gives an attacker a good attack surface.
http://www.fork-cms.com/frontend/js.php?module=core&file=../../../../../../../../../../../../../../../../etc/passwd&language=en&m=1339527371
Mitigations:
https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
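The fix for this class of bug is to stop building the include path from raw request parameters. The following is an added example, not Fork CMS code: a hypothetical js.php-style handler that shows the unsafe concatenation pattern next to a hardened resolver that whitelists the module, constrains the file name, and checks that the canonical path stays inside the expected directory. The js/<module>/<file>.js layout and the module list are assumptions.

```php
<?php
// Added example (hypothetical, not Fork CMS code): serve a JavaScript file
// chosen by ?module=...&file=... without letting the request escape the
// JavaScript directory.

define('JS_BASE', __DIR__ . '/js');                   // assumed layout: js/<module>/<file>.js
define('ALLOWED_MODULES', ['core', 'blog', 'pages']); // assumed module whitelist

// Unsafe pattern: "../" sequences in $file walk out of JS_BASE, which is the
// behaviour described in this advisory.
function resolve_unsafe(string $module, string $file): string
{
    return JS_BASE . '/' . $module . '/' . $file;
}

// Hardened resolver: returns the canonical path to serve, or null if the
// request is rejected (caller should answer 404 without reading anything).
function resolve_safe(string $module, string $file): ?string
{
    // 1. The module must be one we actually ship.
    if (!in_array($module, ALLOWED_MODULES, true)) {
        return null;
    }
    // 2. Only a plain base name ending in .js: no slashes, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.js\z/', $file)) {
        return null;
    }
    // 3. Canonicalise both the module directory and the target, so symlinks
    //    and any remaining "." / ".." components are collapsed.
    $baseDir = realpath(JS_BASE . '/' . $module);
    if ($baseDir === false) {
        return null;
    }
    $target = realpath($baseDir . '/' . $file);
    // 4. The target must exist and must sit strictly below the module directory.
    if ($target === false || strpos($target, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

// Usage:
$path = resolve_safe($_GET['module'] ?? '', $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/javascript');
readfile($path);
```

With this in place the PoC request above fails at step 2 (the file name contains slashes and ".."), and even a name that passes the regex is still bounded by the realpath containment check in step 4.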