EyeLock nano NXT 3.5 - Arbitrary File Retrieval

By kannthu

Severity: High
Vidoc Module
#iot #lfi #eyelock
Description

What is the "EyeLock nano NXT 3.5 - Arbitrary File Retrieval" module?

The "EyeLock nano NXT 3.5 - Arbitrary File Retrieval" module is designed to detect a file retrieval vulnerability in the EyeLock nano NXT software. This vulnerability occurs when the input passed through the 'path' parameter to the 'logdownload.php' script is not properly verified before being used to read files. The severity of this vulnerability is classified as high.

This module was authored by geeknik.

Impact

If exploited, this vulnerability allows an attacker to disclose the contents of files from local resources. By manipulating the 'path' parameter, an attacker can retrieve sensitive information, such as the contents of the '/etc/passwd' file.

How does the module work?

The module sends an HTTP GET request to the '/scripts/logdownload.php' endpoint with the following parameters:

/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd

The module then applies two matching conditions to determine if the vulnerability is present:

- The response status code must be 200.
- The response body must match the regular expression "root:[x*]:0:0:", that is, a root account entry whose password field is either "x" or "*".

If both conditions are met, the module reports the vulnerability.
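A defender-side companion to the module's check, as an added example that is not part of the Vidoc module: it scans web access logs for requests to logdownload.php whose 'path' parameter resolves outside the intended log directory, including URL-encoded and double-encoded forms. The Common Log Format layout, the LOG_ROOT directory and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/scripts/logdownload.php"
LOG_ROOT = "/var/log/device"  # assumption: directory the script should serve from
# Request and status fields of a Common Log Format line (assumed log format).
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def escapes_root(value, root=LOG_ROOT):
    """True if value, resolved relative to root, lands outside root."""
    prev = None
    while prev != value:  # decode until stable to catch double encoding
        prev, value = value, unquote(value)
    value = value.replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join(root, value))
    return resolved != root and not resolved.startswith(root + "/")

def flag_line(line):
    """Return a finding dict for a traversal attempt on ENDPOINT, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != ENDPOINT:
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("path", [])
    if not any(escapes_root(v) for v in values):
        return None
    status = int(m.group("status"))
    # A 200 means the file was likely served: treat as disclosure, not a probe.
    return {"status": status, "path": values, "served": status == 200}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /scripts/logdownload.php?dlfilename=app.log&path=app.log HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:02:11 +0000] "GET /scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.77 - - [01/Jan/2024:10:02:15 +0000] "GET /scripts/logdownload.php?dlfilename=a.txt&path=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        finding = flag_line(entry)
        if finding:
            print(finding)
```

The same resolve-then-compare check in escapes_root is the shape of the server-side fix: resolve the requested path against the allowed directory and refuse anything that lands outside it.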

For more information, refer to the original module documentation.

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /scripts/logdownload...

   Matching conditions
   - status: 200 (and)
   - regex: root:[x*]:0:0:

Passive global matcher
   No matching conditions.

On match action
   Report vulnerability