By kannthu
The "SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure" module is designed to detect an unauthenticated file disclosure vulnerability in the SOUND4 IMPACT/FIRST/PULSE/Eco software versions up to 2.x. This vulnerability allows attackers to disclose arbitrary files on the affected device, potentially exposing sensitive and system information. The severity of this vulnerability is classified as medium.
This module was authored by arafatansari.
An attacker exploiting the unauthenticated file disclosure vulnerability in the SOUND4 IMPACT/FIRST/PULSE/Eco software can gain unauthorized access to sensitive files on the affected device. This can lead to the exposure of confidential information, such as user credentials, system configuration files, and other sensitive data.
The module works by sending an HTTP GET request to the "/cgi-bin/loghandler.php" endpoint with the "ajax=251&file=/mnt/old-root/etc/passwd" query parameters. It then applies two matching conditions to determine if the vulnerability is present:
If both matching conditions are met, the module reports the vulnerability.
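The request described above leaves a recognizable trace in web server access logs. The following is an added example, not the module's own code: it scans log lines for requests to that endpoint whose `file` parameter points outside an expected log directory. The combined log format, the `ALLOWED_LOG_DIR` value and the sample lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cgi-bin/loghandler.php"  # endpoint named on this page
ALLOWED_LOG_DIR = "/var/log/"         # assumption: where legitimate log files live

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2023:10:00:01 +0000] "GET /cgi-bin/loghandler.php?ajax=251&file=/mnt/old-root/etc/passwd HTTP/1.1" 200 1432 "-" "curl/7.88"
198.51.100.4 - - [10/Jan/2023:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2023:10:00:09 +0000] "GET /cgi-bin/loghandler.php?ajax=251&file=%2Fmnt%2Fold-root%2Fetc%2Fpasswd HTTP/1.1" 404 162 "-" "curl/7.88"
198.51.100.9 - - [10/Jan/2023:10:01:00 +0000] "GET /cgi-bin/loghandler.php?ajax=251&file=/var/log/messages HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target, status code, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) (\S+)')


def find_file_disclosure_requests(log_text):
    """Return one record per loghandler.php request whose file= escapes ALLOWED_LOG_DIR."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, target, status, size = m.groups()
        url = urlsplit(target)
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded and plain paths compare equal.
        for raw in parse_qs(url.query).get("file", []):
            path = posixpath.normpath(raw)  # collapse ./ and ../ before the prefix check
            if (path + "/").startswith(ALLOWED_LOG_DIR):
                continue
            # A 200 with a non-empty body means file content was probably returned.
            served = status == "200" and size.isdigit() and int(size) > 0
            hits.append({"ip": ip, "time": when, "file": path, "served": served})
    return hits


if __name__ == "__main__":
    for hit in find_file_disclosure_requests(SAMPLE_LOG):
        print(hit)
```

Records with `served` set to true are the ones to triage first, since the device answered with content rather than an error.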
For more information, you can refer to the Packet Storm Security website.