30 lines
1.1 KiB
YAML
30 lines
1.1 KiB
YAML
id: redv-super-logs
|
|
|
|
info:
|
|
name: RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure
|
|
author: r3Y3r53
|
|
severity: medium
|
|
description: |
|
|
The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.
|
|
reference:
|
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: redv,log,disclosure,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/downloader.log"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'status_code == 200'
|
|
- 'contains(content_type, "text/plain")'
|
|
- 'contains_all(body, "Log file", "[LogParser]", "[INFO]")'
|
|
condition: and
|
|
|
|
# digest: 4b0a00483046022100912989005bc6ffa59a651387859cc2c2257855f054b455ff5239da539d735569022100e4d5bfe2df44deac92867b665221b426e894c620c7191f38878c837ca4846a28:922c64590222798bb761d5b6d8e72950
|