36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
id: elmah-log-file
|
|
|
|
info:
|
|
name: ELMAH Exposure
|
|
author: shine,idealphase
|
|
severity: high
|
|
description: |
|
|
ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment. In some cases, the logs expose ASPXAUTH cookies allowing to hijack a logged in administrator session.
|
|
reference:
|
|
- https://code.google.com/archive/p/elmah/
|
|
- https://www.troyhunt.com/aspnet-session-hijacking-with-google/
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
tags: logs,elmah,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/elmah"
|
|
- "{{BaseURL}}/elmah.axd"
|
|
|
|
stop-at-first-match: true
|
|
host-redirects: true
|
|
max-redirects: 2
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'Error Log for'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a004830460221008a7f805258e2f9a89c6299ec951b56b46def018df7f37c2d78c43e58b5a95073022100f8859a41f2bae3ab249c313d586d1b11214f0d82728cd94b0ae57e967caa034d:922c64590222798bb761d5b6d8e72950 |