Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Huawei Firewall - Local File Inclusion" module is designed to detect the presence of a local file inclusion vulnerability in Huawei firewalls. This vulnerability, classified as CWE-22, can allow an attacker to include arbitrary files from the target system, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is high, with a CVSS score of 7.5.
This module was authored by taielab.
A successful exploitation of the local file inclusion vulnerability in Huawei firewalls can have serious consequences. It can allow an attacker to access sensitive files, such as configuration files or user credentials, stored on the target system. This can lead to further compromise of the system or unauthorized access to sensitive information.
The "Huawei Firewall - Local File Inclusion" module works by sending a specific HTTP request to the target system and then analyzing the response for specific conditions. The module checks for the presence of the string "root:[x*]:0:0:" in the response body, which indicates the presence of the "/etc/passwd" file. It also checks for the presence of the "application/octet-stream" header in the response, and a response status code of 200.
Here is an example of the HTTP request sent by the module:
GET /umweb/../etc/passwd
If all the matching conditions are met, the module reports the vulnerability.
Classification:
CWE-ID: CWE-22
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS-Score: 7.5
Metadata:
max-request: 1
verified: true
shodan-query: title:"HUAWEI"