By kannthu
The "EyeLock nano NXT 3.5 - Arbitrary File Retrieval" module is designed to detect a file retrieval vulnerability in the EyeLock nano NXT software. This vulnerability occurs when the input passed through the 'path' parameter to the 'logdownload.php' script is not properly verified before being used to read files. The severity of this vulnerability is classified as high.
This module was authored by geeknik.
If exploited, this vulnerability allows an attacker to disclose the contents of files from local resources. By manipulating the 'path' parameter, an attacker can retrieve sensitive information, such as the contents of the '/etc/passwd' file.
The module sends an HTTP GET request to the '/scripts/logdownload.php' endpoint with the following parameters:
/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd
The module then applies two matching conditions to determine if the vulnerability is present:
- The response status code must be 200.
- The response body must contain the string "root:[x*]:0:0:" using a regular expression match.

If both conditions are met, the module reports the vulnerability.
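A defender-side check over web server access logs for the request pattern this module sends, as an added example that is not part of the Vidoc module or the original page. The log lines are constructed, and treating any '..' segment in the 'path' parameter as suspicious is an assumption about how the endpoint is legitimately used.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/scripts/logdownload.php"   # endpoint named on this page
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed access-log lines (combined log format), not taken from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /scripts/logdownload.php'
    '?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /scripts/logdownload.php'
    '?dlfilename=a.txt&path=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    '198.51.100.5 - - [01/Jan/2024:10:01:00 +0000] "GET /scripts/logdownload.php'
    '?dlfilename=today.log&path=logs/today.log HTTP/1.1" 200 512',
    '198.51.100.6 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 10',
]

def fully_decode(value, rounds=3):
    """Percent-decode until stable (bounded), so nested encoding is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_parent_segment(path_value):
    """True if the decoded value contains a '..' path segment."""
    decoded = fully_decode(path_value).replace("\\", "/")
    return ".." in decoded.split("/")

def flag_requests(lines):
    """Return (client, status, decoded_path, priority) for suspicious requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != ENDPOINT:
            continue
        status = int(m.group(2))
        for value in parse_qs(url.query).get("path", []):  # parse_qs decodes once
            if has_parent_segment(value):
                # Status 200 mirrors the module's first matcher, so review those first.
                priority = "high" if status == 200 else "low"
                hits.append((line.split()[0], status, fully_decode(value), priority))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```
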
For more information, refer to the original module documentation.