Goby/json/LOYTEC-LINX-Traversal-File-...


{
"Name": "LOYTEC LINX Traversal File CVE-2018-14918",
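"Description": "Loytec LGATE-902 is a gateway device made by Loytec, a company in Germany. LGATE-902 versions prior to 6.4.2 have a directory traversal vulnerability that can be exploited to read arbitrary files on the system. Note: the ScanSteps in this file are a generic placeholder (GET /test.php returning 200 with 'test' in the body) and do not test for the traversal, so a match alone is not evidence that a device is vulnerable.",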
"Product": "LOYTEC-LINX",
"Homepage": "https://www.loytec.com/",
"DisclosureDate": "2021-06-03",
"Author": "atdpa4sw0rd@gmail.com",
"GobyQuery": "product=\"LOYTEC-LINX\"",
"Level": "3",
"Impact": "<p>An attacker can directly read sensitive data, including configuration files, logs and source code. Combined with other vulnerabilities, this makes it easier for the attacker to obtain higher privileges.<br></p>",
"Recommandation": "<p>Update to the latest version, select the product model on the following page, and download the corresponding version:</p><p><a href=\"http://www.loytec.com/support/download\">http://www.loytec.com/support/download</a></p>",
"References": [
"https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html"
],
"HasExp": true,
"ExpParams": [
{
"name": "File",
"type": "select",
"value": "/etc/passwd,/etc/shadow"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": null,
"Tags": [
"File Inclusion"
],
"CVEIDs": null,
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}