How this template works
APIs Selection
The template extracts the "url" from the request and stores it in the "urlVar" variable. It also checks whether the response payload contains "<!doctype html>". These filters help in selecting the appropriate API for testing.
Execute request
The template modifies the URL by removing any trailing slashes and appending "/etc/passwd" to it. This is done using the "modify_url" action. The modified request is then executed.
Validation
The template validates the response payload by checking whether it matches the regex pattern "root:.*:0:0:". If the pattern is found, it indicates successful exploitation of the Local File Inclusion vulnerability.
That's it! These three steps help in identifying and exploiting Local File Inclusion vulnerabilities in a web application.
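The three steps above, written as a check a team could run against its own staging service. This is an added example, not Akto's template code: the function names, the `send` callable, the query-string handling and the sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

PASSWD_ROOT = re.compile(r"root:.*:0:0:")  # validation regex quoted on the page

def selected(response_body: str) -> bool:
    """Selection filter: keep only endpoints whose normal response is HTML."""
    return "<!doctype html>" in response_body

def modify_url(url: str) -> str:
    """Strip trailing slashes from the path and append /etc/passwd.
    Keeping the query string intact is an assumption of this example."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") + "/etc/passwd"
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))

def validate(response_body: str) -> bool:
    """True when the body contains a root entry in passwd format."""
    return PASSWD_ROOT.search(response_body) is not None

def check_endpoint(url: str, send) -> str:
    """Run selection, execution and validation; `send` maps a URL to a body."""
    if not selected(send(url)):
        return "skipped"
    return "vulnerable" if validate(send(modify_url(url))) else "ok"

# Constructed responses standing in for three staging services (no network used).
HTML = "<!doctype html><html><body>docs</body></html>"
FILE_SERVER = {
    "https://staging.example.test/static/": HTML,
    "https://staging.example.test/static/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
}
HARDENED = {"https://staging.example.test/static/": HTML}
JSON_API = {"https://staging.example.test/api/v1/": '{"status": "ok"}'}

def make_sender(pages):
    # Unknown paths get a 404-style HTML page, as a hardened server would return.
    return lambda url: pages.get(url, "<!doctype html><h1>404 Not Found</h1>")

if __name__ == "__main__":
    for name, pages in [("file_server", FILE_SERVER), ("hardened", HARDENED),
                        ("json_api", JSON_API)]:
        url = next(iter(pages))
        print(name, check_endpoint(url, make_sender(pages)))
```

A "vulnerable" result means the service returned file contents for the modified path; a server that answers the same request with an error page is reported as "ok".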
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."
Security team,
Rippling