Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Huawei Firewall - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#huawei#firewall#lfi
Description

Huawei Firewall - Local File Inclusion

What is the "Huawei Firewall - Local File Inclusion?"

The "Huawei Firewall - Local File Inclusion" module is designed to detect the presence of a local file inclusion vulnerability in Huawei firewalls. This vulnerability, classified as CWE-22, can allow an attacker to include arbitrary files from the target system, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is high, with a CVSS score of 7.5.

This module was authored by taielab.

Impact

A successful exploitation of the local file inclusion vulnerability in Huawei firewalls can have serious consequences. It can allow an attacker to access sensitive files, such as configuration files or user credentials, stored on the target system. This can lead to further compromise of the system or unauthorized access to sensitive information.

How the module works?

The "Huawei Firewall - Local File Inclusion" module works by sending a specific HTTP request to the target system and then analyzing the response for specific conditions. The module checks for the presence of the string "root:[x*]:0:0:" in the response body, which indicates the presence of the "/etc/passwd" file. It also checks for the presence of the "application/octet-stream" header in the response, and a response status code of 200.

Here is an example of the HTTP request sent by the module:

GET /umweb/../etc/passwd

If all the matching conditions are met, the module reports the vulnerability.

Classification:

CWE-ID: CWE-22

CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS-Score: 7.5

Metadata:

max-request: 1

verified: true

shodan-query: title:"HUAWEI"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/umweb/../etc/passwd
Matching conditions
regex: root:[x*]:0:0:and
word: application/octet-streamand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability