QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure

By kannthu

High
Vidoc Module
#qihang #exposure
Description

What is the "QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure"?

The "QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure" module is designed to detect a vulnerability in the QiHang Media Web Digital Signage software version 3.0.9. This vulnerability allows for the disclosure of cleartext credentials, posing a high risk to the security of the system.

Impact

If exploited, this vulnerability could lead to unauthorized access to sensitive information, such as usernames and passwords, stored in the QiHang Media Web Digital Signage software. Attackers could potentially use these credentials to gain unauthorized access to the system or other connected resources.

How does the module work?

The module sends an HTTP GET request to the "/xml/User/User.xml" path of the target system and analyzes the response body for specific patterns that indicate the presence of cleartext credentials. The matching conditions include the presence of XML markers (the module preview lists "<?xml version" and "<Users>"), "account=", and "password=" in the response body.

By detecting these patterns, the module can identify instances where the QiHang Media Web Digital Signage software is vulnerable to cleartext credentials disclosure. This information can then be used to take appropriate actions to secure the system and prevent unauthorized access.
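
The word matching described above, as an added example (not the Vidoc module's own code) that evaluates a response body already retrieved from a system you administer and masks password values before the finding is stored. It assumes every marker must be present and that credentials appear as XML attributes; the sample bodies are constructed, since the page does not show the real User.xml layout.

```python
import re

# Words from the page: the prose names "account=" and "password=", the module
# preview lists "<?xml version" and "<Users>".
MARKERS = ("<?xml version", "<Users>", "account=", "password=")

# Assumption: credentials are XML attributes such as password="...".
_PASSWORD = re.compile(r'(password=)(["\'])(.*?)\2', re.I | re.S)
_ACCOUNT = re.compile(r'account=(["\'])(.*?)\1', re.I | re.S)

# Constructed sample bodies; the real User.xml layout is not shown on the page.
EXPOSED_BODY = '''<?xml version="1.0" encoding="utf-8"?>
<Users>
  <User account="demo-admin" password="constructed-secret" />
</Users>'''
NOT_FOUND_BODY = "<html><body><h1>404 Not Found</h1></body></html>"
NO_PASSWORD_BODY = '<?xml version="1.0"?><Users><User account="demo" /></Users>'


def missing_markers(body):
    """Return the markers absent from the body; an empty list is a match."""
    return [m for m in MARKERS if m not in body]


def redact(body):
    """Mask password attribute values so the finding can be stored safely."""
    return _PASSWORD.sub(r"\1\2[REDACTED]\2", body)


def evaluate(body):
    """Apply the word matcher, assuming every marker must be present."""
    missing = missing_markers(body)
    exposed = not missing
    return {
        "exposed": exposed,
        "missing": missing,
        "accounts": [m.group(2) for m in _ACCOUNT.finditer(body)] if exposed else [],
        "evidence": redact(body) if exposed else "",
    }


if __name__ == "__main__":
    for name, body in [("exposed", EXPOSED_BODY), ("404", NOT_FOUND_BODY),
                       ("no password", NO_PASSWORD_BODY)]:
        print(name, evaluate(body))
```

Requiring all markers keeps a generic error page or an XML file without password attributes from being reported, and the redacted evidence lets the finding be filed without copying the credentials into the ticket.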

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /xml/User/User.xml
Matching conditions
word: <?xml version, <Users>, account=, passwo...
Passive global matcher
No matching conditions.
On match action
Report vulnerability