Sensitive Data: EasyImage down.php - Arbitrary File Read

Identifier: easyimage_downphp_lfi

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

The EasyImage down.php file is vulnerable to arbitrary file read, potentially allowing attackers to read sensitive files from the server.

How we test: We test for arbitrary file read vulnerabilities in EasyImage down.php by injecting file path payloads and analyzing the responses to detect whether local files can be read and their contents exposed.

Configuration

Example

Example configuration:

---
security_tests:
  easyimage_downphp_lfi:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.