CVE-2021-40875 PoC — Gurock Software Gurock TestRail 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-40875.yaml

Associated Vulnerability

Title:Gurock Software Gurock TestRail 信息泄露漏洞 (CVE-2021-40875)
Description:Gurock Software Gurock TestRail是德国Gurock Software公司的一套基于Web的、用于QA和开发团队的测试用例管理软件。该软件支持创建测试用例、管理测试套件和协调测试过程等。 Gurock Software Gurock TestRail 7.2.0.3014之前版本存在信息泄露漏洞，攻击者可利用该漏洞访问Gurock TestRail应用程序客户端的/files.md5文件，公开应用程序文件的完整列表和相应的文件路径，探测相应的文件路径，在某些情况下，会导致硬编码

Description

Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.

File Snapshot


 id: CVE-2021-40875

info:
  name: Gurock TestRail Application files.md5 Exposure
  author: oscarinth

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!