nuclei-templates/http/exposures/logs/redv-super-logs.yaml

26 lines
877 B
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: redv-super-logs
info:
name: RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure
author: r3Y3r53
severity: medium
description: |
The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php
metadata:
verified: true
tags: redv,log,disclosure,exposure
http:
- method: GET
path:
- "{{BaseURL}}/downloader.log"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/plain")'
- 'contains_all(body, "Log file", "[LogParser]", "[INFO]")'
2023-10-17 08:16:05 +00:00
condition: and