By kannthu
The "Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion" module is designed to detect a vulnerability in the Carel pCOWeb HVAC BACnet Gateway software version 2.1.0. This vulnerability is classified as high severity.
Successful exploitation of this vulnerability could allow an attacker to access sensitive files on the target system. The module specifically targets the "/usr-cgi/logdownload.cgi" endpoint and attempts to retrieve the "/etc/passwd" file. If the returned file contains the "root" user entry, the module treats it as a successful match.
The module sends a GET request to the "/usr-cgi/logdownload.cgi" endpoint with a specific parameter that includes a path traversal payload. The payload attempts to access the "/etc/passwd" file by using relative path traversal sequences. The module then applies a regular expression matcher to check if the response contains the "root" user entry, indicating a successful match.
Example HTTP request:
GET /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd
The module uses the following matching condition:
Matcher: Regex
Regex: root:.*:0:0:
Part: All
If the response contains the specified regular expression pattern, the module reports a vulnerability.
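Defenders can look for the same request shape in web access logs. The following is an added example, not part of the Vidoc module: it assumes Common Log Format lines (for example from a reverse proxy in front of the gateway), and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/usr-cgi/logdownload.cgi"
# Assumed Common Log Format: ip ... "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value contains a '..' path segment."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def suspicious_requests(lines):
    """Return requests to the endpoint whose 'file' parameter climbs directories."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if fully_decode(url.path).lower() != ENDPOINT:
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                hits.append({"ip": m["ip"], "file": fully_decode(value),
                             "served": m["status"] == "200"})
    return hits

# Constructed sample log lines (documentation IP ranges, invented file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /usr-cgi/logdownload.cgi?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /usr-cgi/logdownload.cgi?file=alarm.log HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True means the server answered 200 to a traversal request and should be triaged first.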