From ffe7382c6bd5f43b9014d75865f5389ec23d39ac Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Wed, 14 Dec 2022 15:03:01 +0530
Subject: [PATCH 1/2] Create sony-bravia-disclosure.yaml

---
 misconfiguration/sony-bravia-disclosure.yaml | 39 ++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 misconfiguration/sony-bravia-disclosure.yaml

diff --git a/misconfiguration/sony-bravia-disclosure.yaml b/misconfiguration/sony-bravia-disclosure.yaml
new file mode 100644
index 0000000000..99fe66474a
--- /dev/null
+++ b/misconfiguration/sony-bravia-disclosure.yaml
@@ -0,0 +1,39 @@
+id: sony-bravia-disclosure
+
+info:
+  name: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
+  author: geeknik
+  severity: medium
+  description: |
+    The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
+  reference:
+    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
+    - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt
+  tags: sony,unauth,disclosure
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/api/system'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"contentsServer":'
+          - '"networkInterfaces":'
+          - '"serverTime":'
+          - '"hostIp":'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+          - "application/json"
+        condition: or
+
+      - type: status
+        status:
+          - 200

From 99e20791ea40d75d2fa68e558b3d0685b32bafb1 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 22 Dec 2022 10:57:29 +0530
Subject: [PATCH 2/2] Update sony-bravia-disclosure.yaml

---
 misconfiguration/sony-bravia-disclosure.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/misconfiguration/sony-bravia-disclosure.yaml b/misconfiguration/sony-bravia-disclosure.yaml
index 99fe66474a..943b241d61 100644
--- a/misconfiguration/sony-bravia-disclosure.yaml
+++ b/misconfiguration/sony-bravia-disclosure.yaml
@@ -3,13 +3,13 @@ id: sony-bravia-disclosure
 info:
   name: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
   author: geeknik
-  severity: medium
+  severity: low
   description: |
     The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
   reference:
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
     - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt
-  tags: sony,unauth,disclosure
+  tags: misconfig,sony,unauth,exposure
 
 requests:
   - method: GET