nuclei-templates/http/misconfiguration/openbmcs/openbmcs-secret-disclosure....

35 lines
1.1 KiB
YAML

id: openbmcs-secret-disclosure
info:
name: OpenBMCS 2.4 - Information Disclosure
author: dhiyaneshDK
severity: high
description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access.
reference:
- https://www.exploit-db.com/exploits/50671
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
metadata:
max-request: 1
shodan-query: http.favicon.hash:1550906681
tags: misconfig,edb,openbmcs
http:
- method: GET
path:
- "{{BaseURL}}/debug/"
matchers-condition: and
matchers:
- type: word
words:
- "change_password_sqls"
- "Index of /debug"
condition: and
- type: status
status:
- 200
# digest: 490a00463044022073f533a2f8d0320492227b718112596694fdfcd1b884fe0396ed1a22440370ae02204fb250db80cc95e534767ce315be596ad551bdaa642e74f66f3db6169c20212b:922c64590222798bb761d5b6d8e72950