Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "GoIP-1 GSM - Local File Inclusion" module is designed to detect a vulnerability in the GoIP-1 GSM software. This vulnerability allows an attacker to include local files by manipulating the 'content' or 'sidebar' GET parameters in the 'frame.html' or 'frame.A100.html' pages. The severity of this vulnerability is classified as high.
This module was authored by gy741.
If successfully exploited, this vulnerability can allow an attacker to access sensitive files on the target system. In this case, the module specifically checks for the presence of the 'root' user in the '/etc/passwd' file, indicating potential unauthorized access to privileged information.
The module sends HTTP requests to the target system, attempting to include the '/etc/passwd' file by manipulating the 'content' and 'sidebar' parameters in the 'frame.html' and 'frame.A100.html' pages. The module then uses a regular expression matcher to check if the 'root' user is present in the response. If a match is found, the module reports a vulnerability.
Here is an example of an HTTP request sent by the module:
GET /default/en_US/frame.html?content=..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
The module's matching condition checks for the presence of the 'root' user in the response, specifically looking for the pattern "root:.*:0:0:". If this pattern is found, the module identifies the vulnerability.