38 lines
1.2 KiB
YAML
38 lines
1.2 KiB
YAML
id: elmah-log-file
|
|
|
|
info:
|
|
name: ELMAH Exposure
|
|
author: shine,idealphase
|
|
severity: high
|
|
description: |
|
|
ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. It can be dynamically added to a running ASP.NET web application, or even all ASP.NET web applications on a machine, without any need for re-compilation or re-deployment. In some cases, the logs expose ASPXAUTH cookies allowing to hijack a logged in administrator session.
|
|
reference:
|
|
- https://code.google.com/archive/p/elmah/
|
|
- https://www.troyhunt.com/aspnet-session-hijacking-with-google/
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
tags: logs,elmah,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/elmah"
|
|
- "{{BaseURL}}/elmah.axd"
|
|
|
|
stop-at-first-match: true
|
|
host-redirects: true
|
|
max-redirects: 2
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'Error Log for'
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4a0a00473045022041713d43c8599e2c01d09ef6c0cc98279b9480702f417395ce30e008679c2f890221008ca2a38749c9eeeb1c8a9ad56ae4a3425e0fc15e26b343eae714e798e222dd5e:922c64590222798bb761d5b6d8e72950
|