id: sony-bravia-disclosure

info:
  name: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
  author: geeknik
  severity: low
  description: |
    The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
    - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt
  tags: misconfig,sony,unauth,exposure
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - '{{BaseURL}}/api/system'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"contentsServer":'
          - '"networkInterfaces":'
          - '"serverTime":'
          - '"hostIp":'
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"
          - "application/json"
        condition: or

      - type: status
        status:
          - 200