26 lines
877 B
YAML
26 lines
877 B
YAML
id: redv-super-logs
|
|
|
|
info:
|
|
name: RED-V Super Digital Signage System RXV-A740R - Log Information Disclosure
|
|
author: r3Y3r53
|
|
severity: medium
|
|
description: |
|
|
The application is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.
|
|
reference:
|
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5609.php
|
|
metadata:
|
|
verified: true
|
|
tags: redv,log,disclosure,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/downloader.log"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'status_code == 200'
|
|
- 'contains(content_type, "text/plain")'
|
|
- 'contains_all(body, "Log file", "[LogParser]", "[INFO]")'
|
|
condition: and |