title: CVE-2010-5278 Exploitation Attempt
id: a4a899e8-fd7a-49dd-b5a8-7044def72d61
status: test
description: |
  MODx manager - Local File Inclusion:Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier,
  when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
references:
    - https://github.com/projectdiscovery/nuclei-templates
author: Subhash Popuri (@pbssubhash)
date: 2021-08-25
modified: 2023-01-02
tags:
    - attack.initial-access
    - attack.t1190
    - cve.2010-5278
    - detection.emerging-threats
logsource:
    category: webserver
detection:
    selection:
        cs-uri-query|contains: /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
    condition: selection
falsepositives:
    - Scanning from Nuclei
    - Unknown
level: critical