id: sony-bravia-disclosure

info:
  name: Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
  author: geeknik
  severity: low
  description: |
    The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5610.php
    - https://www.zeroscience.mk/codes/sonybravia_sysinfo.txt
  metadata:
    max-request: 1
  tags: misconfig,sony,unauth,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}/api/system'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"contentsServer":'
          - '"networkInterfaces":'
          - '"serverTime":'
          - '"hostIp":'
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"
          - "application/json"
        condition: or

      - type: status
        status:
          - 200

# digest: 490a004630440220286c95444659c9b9ceef41b53e0678d0ab0a839313f35d8f1bd6057fe225d083022075e0a369d67267877ebde8782975b8bafad95b3434a2e3c5529f1df5f638de64:922c64590222798bb761d5b6d8e72950