2024-07-03 07:59:28 +00:00
|
|
|
id: snoop-servlet
|
|
|
|
|
|
|
|
|
|
info:
|
2024-07-10 18:14:21 +00:00
|
|
|
name: Snoop Servlet - Information Disclosure
|
2024-07-03 07:59:28 +00:00
|
|
|
author: omranisecurity
|
2024-07-03 08:03:31 +00:00
|
|
|
severity: low
|
2024-07-10 18:14:21 +00:00
|
|
|
description: |
|
|
|
|
|
The Snoop Servlet returns information about the HTTP request itself and sometimes. It could help an attacker to prepare more advanced attacks.
|
|
|
|
|
reference:
|
|
|
|
|
- https://www.acunetix.com/vulnerabilities/\web/snoop-servlet-information-disclosure/
|
2024-07-03 07:59:28 +00:00
|
|
|
metadata:
|
2024-07-10 18:14:21 +00:00
|
|
|
max-request: 1
|
|
|
|
|
shodan-query: title:"Snoop Servlet"
|
|
|
|
|
fofa-query: title="Snoop Servlet"
|
2024-07-03 07:59:28 +00:00
|
|
|
tags: config,exposure,snoop,snoop-servlet
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/snoop"
|
2024-07-10 18:14:21 +00:00
|
|
|
|
2024-07-03 07:59:28 +00:00
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- 'status_code == 200'
|
|
|
|
|
- 'contains(body, "Snoop Servlet - Request/Client Information")'
|
|
|
|
|
condition: and
|
