# Detection template: reports a host when a GET to /debug/ returns a browsable
# directory index containing the marker string matched below.
id: openbmcs-secret-disclosure

info:
  name: OpenBMCS 2.4 - Information Disclosure
  author: dhiyaneshDK
  severity: high
  description: >-
    OpenBMCS 2.4 contains an information disclosure vulnerability. The
    application allows directory listing and exposure of some sensitive files,
    which can allow an attacker to leverage the disclosed information and gain
    full access.
  reference:
    - https://www.exploit-db.com/exploits/50671
  classification:
    # NOTE(review): the vector scores confidentiality impact only (I:N/A:N),
    # while the description mentions gaining full access; the score appears to
    # cover the disclosure itself, not any follow-on use of what is disclosed.
    cvss-metrics: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'
    cvss-score: 7.5
    cwe-id: CWE-200
  metadata:
    # One request per target: the single GET defined under `http`.
    max-request: 1
    shodan-query: 'http.favicon.hash:1550906681'
  tags: misconfig,edb,openbmcs

http:
  - method: GET
    path:
      - '{{BaseURL}}/debug/'

    # Both matchers must hold, so a 200 response alone is never reported.
    matchers-condition: and
    matchers:
      # Requires the directory-index heading and a second marker string
      # (presumably an entry in the listing; confirm against the reference)
      # in the same response.
      - type: word
        words:
          - 'change_password_sqls'
          - 'Index of /debug'
        condition: and

      - type: status
        status:
          - 200

# A finding means /debug/ is listable without authentication; the usual
# remediation is to disable directory indexing and restrict access to the path.

# Enhanced by md on 2023/03/10