2023-01-23 05:03:27 +00:00
id : sound4-directory-listing
info :
2023-01-23 05:36:13 +00:00
name : SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
2023-01-23 05:03:27 +00:00
author : arafatansari
severity : medium
description : |
The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.
reference :
- https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2023-01-23 05:36:13 +00:00
shodan-query : http.html:"SOUND4"
2023-01-23 07:48:36 +00:00
tags : misconfig,listing,sound4,disclosure,packetstorm
2023-01-23 05:03:27 +00:00
2023-04-27 04:28:59 +00:00
http :
2023-01-23 05:03:27 +00:00
- method : GET
path :
- "{{BaseURL}}/log/"
matchers-condition : and
matchers :
- type : word
words :
- "<title>Index of /log</title>"
- "Parent Directory"
condition : and
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 4b0a00483046022100c40d90c8b4aab2a3fdaa4adce595c9e931ef76a373cf0a34a86c9d812d09edbe022100f3ed0dfd4a1188260f8f218ffd4d7dd6808cc4895f69bae0e37e9044a7c37097:922c64590222798bb761d5b6d8e72950