SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure

By kannthu

Medium
Vidoc Module
#packetstorm #lfi #sound4 #unauth #disclosure
Description

What is "SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure"?

The "SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure" module is designed to detect an unauthenticated file disclosure vulnerability in the SOUND4 IMPACT/FIRST/PULSE/Eco software versions up to 2.x. This vulnerability allows attackers to disclose arbitrary files on the affected device, potentially exposing sensitive and system information. The severity of this vulnerability is classified as medium.

This module was authored by arafatansari.

Impact

An attacker exploiting the unauthenticated file disclosure vulnerability in the SOUND4 IMPACT/FIRST/PULSE/Eco software can gain unauthorized access to sensitive files on the affected device. This can lead to the exposure of confidential information, such as user credentials, system configuration files, and other sensitive data.

How does the module work?

The module works by sending an HTTP GET request to the "/cgi-bin/loghandler.php" endpoint with the "ajax=251&file=/mnt/old-root/etc/passwd" query parameters. It then applies two matching conditions to determine if the vulnerability is present:

- The first matching condition uses a regular expression to search the response body for the pattern "root:[x*]:0:0". If the pattern matches, it indicates that the file "/mnt/old-root/etc/passwd" has been disclosed.
- The second matching condition checks that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.

For more information, you can refer to the Packet Storm Security website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /cgi-bin/loghandler....
Matching conditions
regex: root:[x*]:0:0 and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability