daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update tekon-info-leak.yaml

patch-1
Prince Chaddha 2022-03-21 16:36:39 +05:30 committed by GitHub
parent bb7dbc4f0c
commit 66927bff20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
vulnerabilities/other/tekon-info-leak.yaml
View File

@ -3,25 +3,33 @@ id: tekon-info-leak
info: info:
name: Tekon - Unauthenticated Log Leak name: Tekon - Unauthenticated Log Leak
author: gy741 author: gy741
severity: medium severity: low
description: A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device
reference: https://medium.com/@bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38 reference: https://medium.com/@bertinjoseb/post-auth-rce-based-in-malicious-lua-plugin-script-upload-scada-controllers-located-in-russia-57044425ac38
description: A vulnerability in Tekon allows remote unauthenticated users to disclose the Log of the remote device. metadata:
tags: tekon,exposure shodan-query: title:"контроллер"
tags: tekon,exposure,unauth
requests: requests:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/cgi-bin/log.cgi' - '{{BaseURL}}/cgi-bin/log.cgi'
max-size: 2048
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status
status:
- 200
- type: word - type: word
part: body
words: words:
- "-- Logs begin at" - "-- Logs begin at"
- "end at" - "end at"
part: body
condition: and condition: and
- type: word
part: header
words:
- "text/plain"
- type: status
status:
- 200