关联漏洞
标题:
Gurock Software Gurock TestRail 信息泄露漏洞
(CVE-2021-40875)
描述:Gurock Software Gurock TestRail是德国Gurock Software公司的一套基于Web的、用于QA和开发团队的测试用例管理软件。该软件支持创建测试用例、管理测试套件和协调测试过程等。 Gurock Software Gurock TestRail 7.2.0.3014之前版本存在信息泄露漏洞,攻击者可利用该漏洞访问Gurock TestRail应用程序客户端的/files.md5文件,公开应用程序文件的完整列表和相应的文件路径,探测相应的文件路径,在某些情况下,会导致硬编码
描述
Python scanner for TestRail servers vulnerable to CVE-2021-40875
介绍
# TestRail-files.md5-IAC-scanner
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40875
# Summary
This script was written to be able to quickly identify which files on a CVE-2021-40875 vulnerable TestRail server can be accessed by looking at the returned text, by identifying the status code is not 500, and then it identifies any interesting keywords found in the file.
Keywords to look for can be modified in line 4 of scanner.py.
# Usage
Python
```
git clone https://github.com/Lul/TestRail-files.md5-IAC-scanner.git
cd ./TestRail-files.md5-IAC-scanner
python3 scanner.py
-> Input server in http:\\ or https:\\ format
```
The script will print out the server/file location, status code (if not 500), and any interesting keywords found.
文件快照
[4.0K] /data/pocs/15e5c7aba9202d119118d38e18b959d475d24793
├── [ 34K] LICENSE
├── [1.2K] README.md
└── [ 938] scanner.py
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。