daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Increasing severity of elmah logs exposure that can lead to session hijacking

patch-2
Krzysztof Zając 2024-05-21 09:23:30 +02:00
parent be3d7f3a18
commit fe388f7da9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
http/exposures/logs/elmah-log-file.yaml
View File

@ -3,9 +3,9 @@ id: elmah-log-file
info:
name: ELMAH Exposure
author: shine,idealphase
severity: medium
severity: high
description: |
ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment.
ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment. In some cases, the logs expose ASPXAUTH cookies allowing to hijack a logged in administrator session.
reference:
- https://code.google.com/archive/p/elmah/
- https://www.troyhunt.com/aspnet-session-hijacking-with-google/