By kannthu
This module, NUUO NVRmini 2 3.0.8 - Local File Inclusion, detects a local file inclusion vulnerability in NUUO NVRmini 2 version 3.0.8. The vulnerability allows an attacker to include local files on the server, potentially leading to unauthorized access, information disclosure, or remote code execution. Its severity is classified as high.
A successful exploitation of this vulnerability can have serious consequences, including:
- Unauthorized access to sensitive files and data
- Information disclosure
- Potential remote code execution

This module works by sending an HTTP GET request to the "/css_parser.php?css=css_parser.php" endpoint. It then applies several matching conditions to determine if the vulnerability is present:
- The response body must contain the parameter "$_GET['css']"
- The response header must contain the word "text/css"
- The HTTP status code must be 200

If all the matching conditions are met, the module reports the vulnerability.
For example, the module sends the following HTTP request:
GET /css_parser.php?css=css_parser.php HTTP/1.1
Host: [target_host]
It then checks if the response body contains the parameter "$_GET['css']", the response header contains the word "text/css", and the HTTP status code is 200.
By detecting this vulnerability, the module helps identify potential security risks in NUUO NVRmini 2 version 3.0.8 and allows users to take appropriate actions to mitigate the risk.
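The three matching conditions above, evaluated together over already-captured responses; this is an added example, not the module's own code. The `Response` class, the `evaluate` function, the sample responses and the choice of case-sensitive substring matching are assumptions made for illustration.

```python
from dataclasses import dataclass

# The three matchers described on the page; all must hold.
BODY_MARKER = "$_GET['css']"
HEADER_WORD = "text/css"
EXPECTED_STATUS = 200

@dataclass
class Response:
    status: int
    headers: dict
    body: str

def evaluate(resp: Response) -> dict:
    """Return each matcher's result and the combined (AND) verdict."""
    # Flatten headers so the word match sees names and values alike.
    # Assumption: plain case-sensitive substring matching.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    result = {
        "body": BODY_MARKER in resp.body,
        "header": HEADER_WORD in header_blob,
        "status": resp.status == EXPECTED_STATUS,
    }
    result["match"] = all(result.values())
    return result

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "php_source_returned": Response(200, {"Content-Type": "text/css"},
        "<?php\n$file = $_GET['css'];\n/* constructed */\n"),
    "normal_stylesheet": Response(200, {"Content-Type": "text/css"},
        "body { margin: 0; }\n"),
    "error_page_echo": Response(200, {"Content-Type": "text/html"},
        "<p>Blocked request: $_GET['css']</p>"),
    "not_found": Response(404, {"Content-Type": "text/css"},
        "$_GET['css']"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, evaluate(resp))
```

Only the first sample satisfies all three conditions; each of the others fails exactly one matcher, which shows why the conditions are combined rather than checked individually.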