Huawei HG255s - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
#huawei #lfi #router
Description

What is the "Huawei HG255s - Local File Inclusion" module?

The "Huawei HG255s - Local File Inclusion" module is designed to detect a vulnerability in the Huawei HG255s router. This vulnerability allows for local file inclusion due to insufficient validation of received HTTP requests. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.

This module was authored by 0x_Akoko.

Impact

If exploited, this vulnerability could allow a remote attacker to access local files on the Huawei HG255s router. This unauthorized access to sensitive files could potentially lead to further compromise of the device or unauthorized disclosure of sensitive information.

How does the module work?

The "Huawei HG255s - Local File Inclusion" module works by sending a specific HTTP request to the targeted router. The request path includes a payload that attempts to traverse the file system and access sensitive files, such as the "/etc/passwd" file.

The module then applies matching conditions to the response received from the router. It checks whether the response matches the regular expression "root:[x*]:0:0", where the character class [x*] accepts either "x" or "*" in the password field, indicating that the root entry of the "/etc/passwd" file was returned. Additionally, it verifies that the response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports a vulnerability, indicating that the Huawei HG255s router is susceptible to local file inclusion.
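The request side of this check can also be watched for in web access logs. The following is an added example, not part of the Vidoc module: it flags logged requests that start under /css/ but resolve outside it once percent-encoding (including double encoding) is decoded. The function names, the combined log format and the sample lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line and status inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is also resolved."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_prefix(target, prefix="/css/"):
    """True if a request that starts under `prefix` resolves outside it once decoded."""
    path = target.split("?", 1)[0]
    if not path.startswith(prefix):
        return False
    resolved = posixpath.normpath(decode_fully(path).replace("\\", "/"))
    return not (resolved + "/").startswith(prefix)

def suspicious_requests(log_lines):
    """Return (target, status) for each logged request that traverses out of /css/."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and escapes_prefix(m.group("target")):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation-range addresses, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /css/main.css HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /css/..%2f..%2f..%2fPLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /css/..%252f..%252fPLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /css/themes/../main.css HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for target, status in suspicious_requests(SAMPLE_LOG):
        # A 200 on a traversal request mirrors the module's status condition.
        print(f"{'HIGH' if status == 200 else 'info'} {status} {target}")
```

A flagged request that returned status 200 deserves the closest review, since that is the response status the module treats as a successful inclusion.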

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /css/..%2f..%2f..%2f...
Matching conditions
regex: root:[x*]:0:0
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability