EPP Server Local File Inclusion Scanner
Detects 'Local File Inclusion (LFI)' vulnerability in EPP Server.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 4 hours
Scan only one: URL
Toolbox: -
EPP Server is a software application primarily used by domain registries for managing domain name registrations. It is utilized by various organizations and businesses around the world that specialize in domain name registration services. The software facilitates the management of domain lifecycle processes such as renewal, transfer, and deletion of domain names. It is particularly important for companies managing large domain portfolios. EPP Server's capabilities are essential for ensuring efficient domain management and streamlining registration processes. Its usage spans across registrars, domain hosting companies, and other stakeholders within the domain industry.
The Local File Inclusion (LFI) vulnerability in EPP Server allows an attacker to manipulate input parameters so that files outside the intended directory on the server's file system can be read. The vulnerability arises from improper validation and sanitization of user input, leading to unauthorized file access. If exploited, it can lead to information disclosure, potentially exposing sensitive files such as configuration files, passwords, or database credentials. The vulnerability is dangerous because it may serve as a stepping stone for further attacks, including remote code execution. Detecting and mitigating such a vulnerability is critical to maintaining server security and protecting sensitive information.
The vulnerability is present in the "CitiesServlet" component of EPP Server, which handles HTTP GET requests. The vulnerable endpoint reads a "country" parameter that is not properly sanitized: the user-supplied value is concatenated directly onto the "/cities/cities_" prefix to form the file name. An attacker can exploit this by manipulating the "country" parameter to traverse directories and read arbitrary files on the server. This lack of input validation allows access to files that were never meant to be exposed, such as "/etc/passwd". Exploitation requires crafting a malicious request in which the parameter is manipulated to include sensitive paths.
If successfully exploited, attackers can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive data. This might include configuration files containing passwords or keys, critical system files, or application data. Such access can lead to compromised systems, data breaches, and application disruption. Additionally, LFI can be leveraged for further attacks, including privilege escalation or remote code execution, if other vulnerabilities exist. Hence, this LFI poses a significant risk to the confidentiality, integrity, and availability of the server and its data.
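The following added example (not EPP Server's own code) models the CitiesServlet file-name construction described above in Python, places a hardened variant beside it, and runs an allowlist check over constructed access-log lines to flag requests carrying unexpected "country" values. The base directory, the country-code allowlist, and the log lines are assumptions made for illustration.

```python
# Added example (not EPP Server's own code): models the CitiesServlet
# file-name construction described above, beside a hardened variant,
# plus a log check that flags requests with unexpected "country" values.
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

CITIES_DIR = "/cities"                       # assumed base directory
COUNTRY_RE = re.compile(r"[A-Za-z]{2,3}")    # assumed allowlist: short country codes

def vulnerable_file_name(country: str) -> str:
    # Direct concatenation, as the page describes: no validation of "country".
    return CITIES_DIR + "/cities_" + country

def safe_file_name(country: str) -> str:
    # Layer 1: allowlist the parameter so "..", "/" and NUL never reach a path.
    if not COUNTRY_RE.fullmatch(country):
        raise ValueError("country must be 2-3 letters")
    # Layer 2 (defence in depth): normalize and confirm the result is still
    # inside CITIES_DIR before the file system is touched.
    target = posixpath.normpath(posixpath.join(CITIES_DIR, "cities_" + country))
    if posixpath.commonpath([CITIES_DIR, target]) != CITIES_DIR:
        raise ValueError("resolved path escapes " + CITIES_DIR)
    return target

# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /CitiesServlet?country=us HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /CitiesServlet?country=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 200',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def suspicious_requests(lines):
    """Return (client, decoded country) for CitiesServlet requests whose
    country value falls outside the allowlist, a marker of traversal attempts."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/CitiesServlet"):
            continue
        # parse_qs decodes one layer; unquote again so double-encoding is caught too.
        for value in parse_qs(url.query).get("country", []):
            decoded = unquote(value)
            if not COUNTRY_RE.fullmatch(decoded):
                hits.append((line.split(" ", 1)[0], decoded))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"suspicious country value from {client}: {value!r}")
```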