Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

HP ILO Serial Key Disclosure

By kannthu

Medium
Vidoc logoVidoc Module
#exposure#config
Description

HP ILO Serial Key Disclosure

This module, named "HP ILO Serial Key Disclosure", is designed to detect a specific vulnerability in HP Integrated Lights-Out (ILO) devices. The module targets misconfigurations in the ILO devices that could lead to the disclosure of the serial key. The vulnerability is classified as medium severity.

Impact

Exploiting this vulnerability could allow an attacker to obtain the serial key of the HP ILO device. This information could be used to gain unauthorized access to the device or perform further attacks on the network.

How the module works?

The module works by sending an HTTP GET request to the "/xmldata?item=CpqKey" endpoint of the HP ILO device. It then applies matching conditions to the response to determine if the vulnerability is present.

The matching conditions include checking for specific words in the response body, such as "LTYPE", "LNAME", and "KEY". Additionally, the module verifies that the HTTP response status is 200.

By analyzing the response and matching conditions, the module can identify if the HP ILO device is vulnerable to serial key disclosure.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/xmldata?item=CpqKey
Matching conditions
word: LTYPE, LNAME, KEYand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability