ibm-friendly-path-exposure: IBM Websphere Friendly Path Exposure

日期: 2025-08-01 | 影响软件: IBM Websphere | POC: 已公开

漏洞描述

Finds friendly path exposed that can be used to access signup page and create new user accounts.

PoC代码[已公开]

id: ibm-friendly-path-exposure

info:
  name: IBM Websphere Friendly Path Exposure
  author: clarkvoss
  severity: medium
  description: Finds friendly path exposed that can be used to access signup page and create new user accounts.
  reference:
    - https://clarkvoss.medium.com/how-to-harpon-big-blue-c163722638d8
  classification:
    cpe: cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*
  metadata:
    max-request: 5
    vendor: ibm
    product: websphere_portal
    shodan-query: http.html:"IBM WebSphere Portal"
  tags: ibm,exposure,websphere,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/wps/portal/client/welcome/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziHd3DQgMNnM3N_M1DjA08PX0NgoNcnQwt3Ez1wwkpiAJKG-AAjgb6BbmhigBypoQ7/dz/d5/L2dBISEvZ0FBIS9nQSEh/?uri=nm:oid:Z6_00000000000000A0BR2B300GG2"
      - "{{BaseURL}}/wps/portal/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziHd3DQgMNnM3N_M1DjA08PX0NgoNcnQwt3Ez1wwkpiAJKG-AAjgb6BbmhigBypoQ7/dz/d5/L2dBISEvZ0FBIS9nQSEh/?uri=nm:oid:Z6_00000000000000A0BR2B300GG2"
      - "{{BaseURL}}/wps/portal/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziDVCAo4FTkJGTsYGBu7uRfjhYgaN7WGiggbO5mb95iLGBp6evQXCQq5OhhZupfhSGfmSToPrxWEBQfxRYSYCHh5mHoYWBj7-RL1DC1y3M2NXCx9jA3RiqAI8ZBbmhEQaZjooABQv7ag!!/dz/d5/L2dBISEvZ0FBIS9nQSEh/dz/d5/L0lJSkdKSUtVSklKQ2dwUkNncFJBL29Od3dBQUFZUUFBRUl3UWxDVTVBQUdNSUtTcEtGTFJ0R0ZvIS80TmxFTklVTVFuRmR1WXBNaFFUVWs1Q2ltcHBBL1o2XzAwMDAwMDAwMDAwMDAwQTBCUjJCMzAwR1YwL1o3XzAwMDAwMDAwMDAwMDAwQTBCUjJCMzAwSU8wL25vcm1hbC9PQ04vWjZfMDAwMDAwMDAwMDAwMDBBMEJSMkIzMDBHRzIvYW8vdGht/#Z7_00000000000000A0BR2B300IO0"
      - "{{BaseURL}}/wps/portal/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziDVCAo4FTkJGTsYGBu7uRfjhYgaN7WGiggbO5mb95iLGBp6evQXCQq5OhhZupfhSGfmSToPrxWEBAf0FuaCgAb7VcBA!!/dz/d5/L2dBISEvZ0FBIS9nQSEh/dz/d5/L0lJSkdKSUtVSklKQ2dwUkNncFJBL29Od3dBQUFZUUFBRUl3UWxDVTVBQUdNSUtTcEtGTFJ0R0ZvIS80TmxFTklVTVFuRmR1WXBNaFFUVWs1Q2ltcHBBL1o2XzAwMDAwMDAwMDAwMDAwQTBCUjJCMzAwR1YwL1o3XzAwMDAwMDAwMDAwMDAwQTBCUjJCMzAwSU8wL25vcm1hbC9PQ04vWjZfMDAwMDAwMDAwMDAwMDBBMEJSMkIzMDBHRzIvYW8vdGht/#Z7_00000000000000A0BR2B300IO0"
      - "{{BaseURL}}/wps/portal/!ut/p/z1/pZHBDoIwDIYfqZVF4DoIEg5KBEHWi9mBIAnbjCEefHqH8SARJNGe2qRf_78tEFRAWt7aRvat0bKztSD3hKPgGGROwBDjEuH4bOBxWewx9NzUOzBMki3mWRSs_M0a6IN_n_Ti5wRiZ4Kf0J9r8PEXfmTwL_0Sl_YXlvfm-CRFKLS5KvuJHAgoDXeL9wKSBkR_VkPa6QZEra1N-rrJcKglqxdV2KjuEVM-czP-AKyJL-g!/dz/d5/L2dBISEvZ0FBIS9nQSEh/#Z7_00000000000000A0BR2B300IO0"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Friendly path"
          - "IBM WebSphere Portal"
        part: body

      - type: word
        words:
          - "text/html"
        part: header

      - type: status
        status:
          - 200

      - type: regex
        part: header
        regex:
          - "Content-Location: .+"
        negative: true
# digest: 4b0a00483046022100b46a85c9da89dbb1b7cc4f7e3e86c65c74ebf7bfbc47d2b50813e9f20e7fab9b022100ea79a97c80e3f149ea3ed0dbcd154d51dd4af3ce348269ece013752e94712cd8:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/misconfiguration/ibm-friendly-path-exposure.yaml

相关漏洞推荐