2022-01-26 11:26:40 +00:00
id: openbmcs-secret-disclosure
info:
2023-03-10 16:41:02 +00:00
  name: OpenBMCS 2.4 - Information Disclosure
2022-01-26 11:26:40 +00:00
  author: dhiyaneshDK
  severity: high
2023-03-10 16:41:02 +00:00
  description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access.
2022-04-22 10:38:41 +00:00
  reference:
    - https://www.exploit-db.com/exploits/50671
2023-03-10 16:41:02 +00:00
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-200
2022-01-26 11:26:40 +00:00
  metadata:
2023-04-28 08:11:21 +00:00
    max-request: 1
2022-01-26 11:26:40 +00:00
    shodan-query: http.favicon.hash:1550906681
2022-08-27 04:41:18 +00:00
  tags: misconfig,edb,openbmcs
2022-01-26 11:26:40 +00:00
2023-04-27 04:28:59 +00:00
http:
2022-01-26 11:26:40 +00:00
  - method: GET
    path:
      - "{{BaseURL}}/debug/"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "change_password_sqls"
          - "Index of /debug"
        condition: and
      - type: status
        status:
          - 200
2023-10-19 13:13:52 +00:00
# digest: 490a00463044022073f533a2f8d0320492227b718112596694fdfcd1b884fe0396ed1a22440370ae02204fb250db80cc95e534767ce315be596ad551bdaa642e74f66f3db6169c20212b:922c64590222798bb761d5b6d8e72950