35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
id: openbmcs-secret-disclosure
|
|
|
|
info:
|
|
name: OpenBMCS 2.4 - Information Disclosure
|
|
author: dhiyaneshDK
|
|
severity: high
|
|
description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/50671
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
max-request: 1
|
|
shodan-query: http.favicon.hash:1550906681
|
|
tags: misconfig,edb,openbmcs
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/debug/"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "change_password_sqls"
|
|
- "Index of /debug"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a00463044022073f533a2f8d0320492227b718112596694fdfcd1b884fe0396ed1a22440370ae02204fb250db80cc95e534767ce315be596ad551bdaa642e74f66f3db6169c20212b:922c64590222798bb761d5b6d8e72950 |