36 lines
957 B
YAML
36 lines
957 B
YAML
id: openbmcs-secret-disclosure
|
|
|
|
info:
|
|
name: OpenBMCS 2.4 - Information Disclosure
|
|
author: dhiyaneshDK
|
|
severity: high
|
|
description: OpenBMCS 2.4 contains an information disclosure vulnerability. The application allows directory listing and exposure of some sensitive files, which can allow an attacker to leverage the disclosed information and gain full access.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/50671
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
shodan-query: http.favicon.hash:1550906681
|
|
tags: misconfig,edb,openbmcs
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/debug/"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "change_password_sqls"
|
|
- "Index of /debug"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# Enhanced by md on 2023/03/10
|