Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#karel#lfi
Description

What is the "Karel IP Phone IP1211 Web Management Panel - Local File Inclusion?"

The "Karel IP Phone IP1211 Web Management Panel - Local File Inclusion" module is designed to detect a vulnerability in the Karel IP Phone IP1211 Web Management Panel. This module specifically targets the Karel IP Phone IP1211 Web Management Panel and checks for a local file inclusion vulnerability. The severity of this vulnerability is classified as high.

Impact

A successful exploitation of the local file inclusion vulnerability in the Karel IP Phone IP1211 Web Management Panel could allow an attacker to access sensitive files on the system. This could potentially lead to unauthorized access, disclosure of sensitive information, or even remote code execution.

How the module works?

The module sends an HTTP GET request to the target URL with a specific path parameter that attempts to access the system's password file. The request is made with basic authorization credentials. The module then uses matching conditions to check if the response contains the string "root:[x*]:0:0" and if the response status code is 200. If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /cgi-bin/cgiServer.exx?page=../../../../../../../../../../../etc/passwd HTTP/1.1
Host: [target_host]
Authorization: Basic [base64_encoded_credentials]

The matching conditions for this module are:

- The response body must contain the string "root:[x*]:0:0" - The response status code must be 200

When these conditions are met, the module identifies the presence of the local file inclusion vulnerability in the Karel IP Phone IP1211 Web Management Panel.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin/cgiServer.e...
Headers

Authorization: Basic YWRtaW46YWRtaW...

Matching conditions
regex: root:[x*]:0:0and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability