2024-07-03 07:59:28 +00:00
|
|
|
id: snoop-servlet
|
|
|
|
|
|
|
|
|
|
info:
|
2024-07-10 18:14:21 +00:00
|
|
|
name: Snoop Servlet - Information Disclosure
|
2024-07-03 07:59:28 +00:00
|
|
|
author: omranisecurity
|
2024-07-03 08:03:31 +00:00
|
|
|
severity: low
|
2024-07-10 18:14:21 +00:00
|
|
|
description: |
|
|
|
|
|
The Snoop Servlet returns information about the HTTP request itself and sometimes. It could help an attacker to prepare more advanced attacks.
|
|
|
|
|
reference:
|
|
|
|
|
- https://www.acunetix.com/vulnerabilities/\web/snoop-servlet-information-disclosure/
|
2024-07-03 07:59:28 +00:00
|
|
|
metadata:
|
2024-07-10 18:14:21 +00:00
|
|
|
max-request: 1
|
|
|
|
|
shodan-query: title:"Snoop Servlet"
|
|
|
|
|
fofa-query: title="Snoop Servlet"
|
2024-07-03 07:59:28 +00:00
|
|
|
tags: config,exposure,snoop,snoop-servlet
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/snoop"
|
2024-07-10 18:14:21 +00:00
|
|
|
|
2024-07-03 07:59:28 +00:00
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- 'status_code == 200'
|
|
|
|
|
- 'contains(body, "Snoop Servlet - Request/Client Information")'
|
|
|
|
|
condition: and
|
2024-07-11 17:28:50 +00:00
|
|
|
# digest: 490a0046304402201d22b71ab60cd5edf7fcb784c6c19b5aad78d949a207e5a40f4ad552cc3861d902204d6e63431f802264560a7272f21f7ca24f59ce64c402c5b2142fbcee1e456b97:922c64590222798bb761d5b6d8e72950
|
