Merge pull request #6362 from projectdiscovery/sony-bravia-disclosure

Create sony-bravia-disclosure.yaml
2022-12-22 11:00:33 +05:30 · 2022-12-22 11:00:33 +05:30 · 33417f0b2e
parent 012d9f2ab2 99e20791ea
commit 33417f0b2e
1 changed files with 39 additions and 0 deletions
--- a/misconfiguration/sony-bravia-disclosure.yaml
+++ b/misconfiguration/sony-bravia-disclosure.yaml
@ -0,0 +1,39 @@
+id: sony-bravia-disclosure
+
+info:
+  name: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
+  author: geeknik
+  severity: low
+  description: |
+    The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
+  reference:
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
+    - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt
+  tags: misconfig,sony,unauth,exposure
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/api/system'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"contentsServer":'
+          - '"networkInterfaces":'
+          - '"serverTime":'
+          - '"hostIp":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+          - "application/json"
+        condition: or
+
+      - type: status
+        status:
+          - 200