MPSec ISG1000 - Local File Inclusion

What is the "MPSec ISG1000 - Local File Inclusion?"

The "MPSec ISG1000 - Local File Inclusion" module is designed to detect a vulnerability in the MPSec ISG1000 software. This module specifically targets the Local File Inclusion (LFI) vulnerability, which is classified as CWE-22. LFI allows an attacker to include files from the target system, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is high, with a CVSS score of 7.5.

Impact

If successfully exploited, the Local File Inclusion vulnerability in MPSec ISG1000 can have serious consequences. An attacker could gain access to sensitive files on the target system, such as configuration files or user credentials. This can lead to further compromise of the system or unauthorized access to sensitive information.

How the module works?

The module works by sending HTTP requests to the target system, specifically targeting the vulnerable endpoint. It attempts to include files from the system using relative path traversal techniques. The module then applies matching conditions to determine if the vulnerability is present.

For example, one of the HTTP requests sent by the module is:

GET /webui/?g=sys_dia_data_down&file_name=../../../../../../../../../../../../etc/passwd

The module applies the following matching conditions:

- The response body must contain the strings "for 16-bit app support" and "root:.*:0:0:" - The HTTP response status must be 200 - The response header must contain the word "text/plain"

If all the matching conditions are met, the module reports the presence of the Local File Inclusion vulnerability in MPSec ISG1000.

It is important to note that this module is part of the Vidoc platform, which utilizes multiple modules to perform scanning. Each module represents a specific test case that can detect misconfigurations, vulnerabilities, or software fingerprints.