Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion

By kannthu

Severity: High
#schneider #pelco #packetstorm #lfi #videoxpert
Description

What is "Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion"?

The "Schneider Electric Pelco VideoXpert Core Admin Portal - Local File Inclusion" module detects a local file inclusion (LFI) vulnerability in the Schneider Electric Pelco VideoXpert Core Admin Portal software. LFI vulnerabilities can allow an attacker to include and execute arbitrary files from the target system, potentially leading to unauthorized access, data leakage, or remote code execution.

This module has a severity level of high, indicating that the vulnerability it detects can have a significant impact on the security of the target system.

Impact

If the Schneider Electric Pelco VideoXpert Core Admin Portal is vulnerable to local file inclusion, an attacker may be able to access sensitive files on the target system. This could include configuration files, user credentials, or other sensitive information. Additionally, an attacker may be able to execute arbitrary code, potentially leading to further compromise of the system.

How does the module work?

The module sends an HTTP GET request to the target system with a specific path that triggers the local file inclusion vulnerability. For example, it may attempt to access the "win.ini" file on a Windows system by using a path traversal technique. The module then checks the response body for specific keywords, such as "bit app support", "fonts", or "extensions", to confirm that the contents of the requested file were returned. It also verifies that the HTTP response status code is 200, indicating a successful request.

By matching these conditions, the module can determine if the Schneider Electric Pelco VideoXpert Core Admin Portal is vulnerable to local file inclusion.
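The defender's view of the same probe, as an added example that is not part of the Vidoc module: a scan of web access logs for path traversal attempts under /portal/, including percent-encoded and double-encoded separators. The log format (combined log format), the sample lines, and the function names are assumptions; the sample paths are constructed and are not the module's request.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (assumed combined log format); clients and
# paths are made up and are not the module's actual request.
SAMPLE_LOG = r'''
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /portal/index.html HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2024:10:01:05 +0000] "GET /portal//..\..\windows\win.ini HTTP/1.1" 200 92
198.51.100.9 - - [12/Mar/2024:10:01:06 +0000] "GET /portal/%2e%2e%5c%2e%2e%5cwindows%5cwin.ini HTTP/1.1" 404 0
203.0.113.4 - - [12/Mar/2024:10:02:00 +0000] "GET /Portal/..%252f..%252fwin.ini HTTP/1.1" 200 92
203.0.113.5 - - [12/Mar/2024:10:03:00 +0000] "GET /other/..\x HTTP/1.1" 200 10
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# A ".." path segment delimited by either slash style.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_traversal(lines, prefix="/portal/"):
    """Return traversal attempts under `prefix`; `served` marks status 200."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, raw_path, status = m.groups()
        path = fully_decode(raw_path)
        if path.lower().startswith(prefix) and TRAVERSAL_RE.search(path):
            hits.append({"client": client, "path": path,
                         "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG.splitlines()):
        print(hit)
```

A `served` hit is only a lead: access logs do not record the response body, so confirming that file contents were returned requires the body keywords the module checks.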

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /portal//..\\\..\\\....
Matching conditions
word: bit app support, fonts, extensions
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability