How this template works
The template includes filters to select APIs based on their response code and HTTP method. It specifies that the response code should be between 200 and 299, and the method should contain "GET". These filters ensure that only relevant APIs are targeted for the test.
The template uses a single execution type, which means that all the requests specified under the "execute" section will be executed in a single test run. The requests include adding various query parameters with file paths from the "filePaths" word list. This allows the test to check if the web application is vulnerable to Local File Inclusion by manipulating file paths.
The template specifies a validation rule for the response payload. It uses a regular expression to match a specific pattern in the response. In this case, it checks if the response payload contains the string "root:.*:0:0:". If the pattern is found, it indicates that the test has successfully exploited the vulnerability and accessed the sensitive file.
Frequently asked questions
What is the purpose of the "FILE_INCLUSION_NEW_PARAM" test in the array
What is the impact of a successful exploitation of the LFI vulnerability
What category and subcategory does the test belong to
What are the severity and tags associated with the test
What are the references provided for this test
What are the API selection filters applied to this test