daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update eyelock-nano-lfd.yaml

patch-1
Prince Chaddha 2021-08-16 16:40:42 +05:30 committed by GitHub
parent af4f29ab03
commit d3a379e112
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
vulnerabilities/other/eyelock-nano-lfd.yaml
View File

@ -2,11 +2,11 @@ id: eyelock-nano-lfd
info: info:
name: EyeLock nano NXT 3.5 - Local File Disclosure name: EyeLock nano NXT 3.5 - Local File Disclosure
description:
author: geeknik author: geeknik
reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
severity: high severity: high
tags: eyelock,lfd,traversal,iot,biometrics description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
tags: iot,lfi,eyelock
requests: requests:
- method: GET - method: GET