By kannthu
The "Sitecore 9.3 - Webroot File Read" module is designed to detect a specific vulnerability in the Sitecore 9.3 software. This vulnerability allows an attacker to read sensitive files from the webroot directory, potentially exposing sensitive information. The severity of this vulnerability is classified as high.
This module was authored by DhiyaneshDK.
If successfully exploited, this vulnerability could lead to the exposure of sensitive files, such as configuration files or user data, which could be used by an attacker to gain unauthorized access or perform further attacks.
The "Sitecore 9.3 - Webroot File Read" module works by sending a specific HTTP request to the target Sitecore instance. The request path is "/api/sitecore/Sitecore.Mvc.DeviceSimulator.Controllers.SimulatorController,Sitecore.Mvc.DeviceSimulator.dll/Preview?previewPath=/App_Data/license.xml" and the method is "GET".
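The same request can be searched for in web server logs. The following is an added example, not code from the module or the original page: it flags requests to the endpoint above and reports the `previewPath` value and response status. The log layout, sample lines, and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named on the page; IIS treats paths case-insensitively.
SIMULATOR_PATH = ("/api/sitecore/Sitecore.Mvc.DeviceSimulator.Controllers."
                  "SimulatorController,Sitecore.Mvc.DeviceSimulator.dll/Preview").lower()

# Assumed log layout (constructed): date time client-ip method uri status
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_preview_reads(lines):
    """Return (timestamp, client, previewPath, status) for each matching request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, _method, uri, status = m.groups()
        parts = urlsplit(uri)
        if fully_unquote(parts.path).lower() != SIMULATOR_PATH:
            continue
        # Query parameter names are matched case-insensitively as well.
        params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
        for target in params.get("previewpath", []):
            hits.append((ts, client, fully_unquote(target), int(status)))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    "2023-05-11 09:14:02 198.51.100.7 GET /sitecore/login 200",
    "2023-05-11 09:14:09 198.51.100.7 GET /api/sitecore/Sitecore.Mvc.DeviceSimulator.Controllers.SimulatorController,Sitecore.Mvc.DeviceSimulator.dll/Preview?previewPath=/App_Data/license.xml 200",
    "2023-05-11 09:15:40 203.0.113.21 GET /API/sitecore/sitecore.mvc.devicesimulator.controllers.simulatorcontroller,Sitecore.Mvc.DeviceSimulator.dll/preview?PreviewPath=%2FApp_Data%2Flicense.xml 404",
    "2023-05-11 09:16:00 203.0.113.21 GET /api/sitecore/Other/Preview?previewPath=/x 200",
]

if __name__ == "__main__":
    for hit in find_preview_reads(SAMPLE_LOG):
        print(hit)
```

Hits that returned status 200 are the ones to triage first, since they indicate the file contents may have been served.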
The module includes two matching conditions:
- The first condition checks the response body for the presence of the "

If both matching conditions are met, the module reports a vulnerability.

Reference:
- https://blog.assetnote.io/2023/05/10/sitecore-round-two/

Metadata:
max-request: 1
verified: true
shodan-query: title:"Sitecore"