2022-05-23 19:21:42 +00:00
id : selenium-exposure
info :
2022-07-26 13:45:11 +00:00
name : Selenium - Node Exposure
2022-05-23 19:21:42 +00:00
author : w0Tx
severity : high
description : |
2022-07-26 13:45:11 +00:00
Selenium was shown to have an exposed node. If a Selenium node is exposed without any form of authentication, remote command execution could be possible if chromium is configured. By default the port is 4444, still, most of the internet facing are done through reverse proxies.
2022-05-23 19:23:21 +00:00
reference :
2022-05-23 19:21:42 +00:00
- https://nutcrackerssecurity.github.io/selenium.html
- https://labs.detectify.com/2017/10/06/guest-blog-dont-leave-your-grid-wide-open/
2024-09-10 09:08:16 +00:00
classification :
cpe : cpe:2.3:a:selenium:selenium:*:*:*:*:*:*:*:*
2022-05-23 19:27:09 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2024-09-10 08:22:50 +00:00
vendor : selenium
2024-09-10 09:08:16 +00:00
product : selenium
shodan-query : "/wd/hub"
2024-01-14 09:21:50 +00:00
tags : misconfig,selenium,misconfiguration,rce,chromium
2022-05-23 19:21:42 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-05-23 19:21:42 +00:00
- method : GET
path :
- "{{BaseURL}}/wd/hub"
2022-10-07 21:27:25 +00:00
host-redirects : true
2022-05-23 19:21:42 +00:00
max-redirects : 2
2023-10-14 11:27:55 +00:00
2022-05-23 19:21:42 +00:00
matchers-condition : and
matchers :
- type : word
words :
- 'WebDriverRequest'
- '<title>WebDriver Hub</title>'
condition : or
- type : status
status :
- 200
2024-09-12 05:14:01 +00:00
# digest: 4a0a0047304502204b16dd8a83f4c9ce092e80d0b12b89172309e5974d8933b44db019923d69c7e1022100d3f12582d1005baac535c9b847c42e5be83409f75ad1b5fab83348ef8275123e:922c64590222798bb761d5b6d8e72950
