nuclei-templates/misconfiguration/openbmcs/openbmcs-secret-disclosure....

36 lines
957 B
YAML
Raw Normal View History

id: openbmcs-secret-disclosure
info:
name: OpenBMCS 2.4 - Information Disclosure
author: dhiyaneshDK
severity: high
description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access.
reference:
- https://www.exploit-db.com/exploits/50671
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
metadata:
shodan-query: http.favicon.hash:1550906681
tags: misconfig,edb,openbmcs
requests:
- method: GET
path:
- "{{BaseURL}}/debug/"
matchers-condition: and
matchers:
- type: word
words:
- "change_password_sqls"
- "Index of /debug"
condition: and
- type: status
status:
- 200
# Enhanced by md on 2023/03/10