Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion

By kannthu

High
Vidoc Module
#carel #lfi #traversal #unauth #bacnet
Description

What is "Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion"?

The "Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Local File Inclusion" module is designed to detect a vulnerability in the Carel pCOWeb HVAC BACnet Gateway software version 2.1.0. This vulnerability is classified as high severity.

Impact

Successful exploitation of this vulnerability could allow an attacker to access sensitive files on the target system. The module specifically targets the "/usr-cgi/logdownload.cgi" endpoint and attempts to retrieve the "/etc/passwd" file. If the response contains the "root" user entry, the module treats it as a successful match.

How does the module work?

The module sends a GET request to the "/usr-cgi/logdownload.cgi" endpoint with a specific parameter that includes a path traversal payload. The payload attempts to access the "/etc/passwd" file by using relative path traversal sequences. The module then applies a regular expression matcher to check if the response contains the "root" user entry, indicating a successful match.

Example HTTP request:

GET /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd

The module uses the following matching condition:

Matcher: Regex
Regex: root:.*:0:0:
Part: All

If the response contains the specified regular expression pattern, the module reports a vulnerability.
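
A defensive counterpart to the check described above, as an added example that is not part of the Vidoc module or the original page: it scans web access logs for requests to "/usr-cgi/logdownload.cgi" whose "file" parameter leaves the log directory. The Common Log Format layout, the sample log lines (including the "alarms.log" file name) and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/usr-cgi/logdownload.cgi"  # endpoint named on this page

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /usr-cgi/logdownload.cgi?file=alarms.log HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /usr-cgi/logdownload.cgi?file=../../../../../../../../etc/passwd HTTP/1.1" 200 931
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /usr-cgi/logdownload.cgi?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

# client, method, request target and status code of one log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so the value is compared in normalised form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value is absolute or contains a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_requests(log_text):
    """Return (client, decoded file value, status) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                hits.append((client, fully_decode(value), int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Hits that were answered with status 200 deserve review first, since that is the case in which the module's regex matcher could have matched the response body.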

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /usr-cgi/logdownload...
Matching conditions
regex: root:.*:0:0:
Passive global matcher
No matching conditions.
On match action
Report vulnerability