id: openbmcs-secret-disclosure info: name: OpenBMCS 2.4 - Information Disclosure author: dhiyaneshDK severity: high description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access. reference: - https://www.exploit-db.com/exploits/50671 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 metadata: max-request: 1 shodan-query: http.favicon.hash:1550906681 tags: misconfig,edb,openbmcs http: - method: GET path: - "{{BaseURL}}/debug/" matchers-condition: and matchers: - type: word words: - "change_password_sqls" - "Index of /debug" condition: and - type: status status: - 200 # Enhanced by md on 2023/03/10