From ae0df7f69e2232d09f84104dbee9e5bf0a5b1f9c Mon Sep 17 00:00:00 2001
From: GwanYeong Kim
Date: Thu, 24 Feb 2022 21:18:13 +0900
Subject: [PATCH] Create prismaweb-credentials-disclosure.yaml

The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.

Signed-off-by: GwanYeong Kim
---
 .../prismaweb-credentials-disclosure.yaml | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 vulnerabilities/other/prismaweb-credentials-disclosure.yaml

diff --git a/vulnerabilities/other/prismaweb-credentials-disclosure.yaml b/vulnerabilities/other/prismaweb-credentials-disclosure.yaml
new file mode 100644
index 0000000000..a9cb3f1c42
--- /dev/null
+++ b/vulnerabilities/other/prismaweb-credentials-disclosure.yaml
@@ -0,0 +1,28 @@
+id: prismaweb-credentials-disclosure
+
+info:
+ name: PrismaWEB - Credentials Disclosure
+ author: gy741
+ severity: critical
+ description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
+ reference:
+ - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
+ tags: prismaweb,disclosure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/user/scripts/login_par.js"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'txtChkUser'
+ - 'txtChkPassword'
+ condition: and
+
+ - type: status
+ status:
+ - 200
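Review bot: The word matcher under `matchers` only proves that the identifiers `txtChkUser` and `txtChkPassword` appear somewhere in a 200 response, so a `severity: critical` finding would still be reported for a device whose script keeps the variable names but no longer carries values, or for any page that happens to contain both strings. Tying the result to the script itself would cut that noise, for example with an additional word matcher using `part: header` on the JavaScript content type; the exact header value is not visible here and should be confirmed against a real device. The `info` block also gives the person triaging the result nothing to act on. A `remediation:` line and a `classification:` entry with `cwe-id: CWE-798` (use of hard-coded credentials) would make the report actionable.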