id: CVE-2018-9161

info:
  name: PrismaWEB - Credentials Disclosure
  author: gy741
  severity: critical
  description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
    - https://nvd.nist.gov/vuln/detail/CVE-2018-9161
  tags: cve,cve2018,prismaweb,exposure
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2018-9161
    cwe-id: CWE-798

requests:
  - method: GET
    path:
      - "{{BaseURL}}/user/scripts/login_par.js"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'txtChkUser'
          - 'txtChkPassword'
        condition: and

      - type: status
        status:
          - 200