A JSON configuration file has been found at config.json
.
It may contains application configuration such as credentials.
False positive might happen when hitting a JSON API endpoint.
Fingerprint: b18befd9dd6536aa30550de56f90412306c00c381f4faea2c2c8ee582cff983d
{ "client_id": "ushahidiui", "client_secret": "35e7f0bca957836d05ca0492211b0ac707671261", "backend_url": "https://ushahidi.covid-19.ke", "google_analytics_id": "", "intercom_app_id": "", "mapbox_api_key": "pk.eyJ1IjoidXNoYWhpZGkiLCJhIjoiY2lxaXRrbmF5MDdxNmZubmUyN2p6bms5biJ9.o7pmKDIN1EtwMBp1VIzITQ", "raven_url": "" }
Fingerprint: b18befd9dd6536aa30550de5f4101703e5f413fd74ff01fa4cebb8c0e4384e4d
{ "backend_url": "https://ushahidi.covid-19.ke", "client_id": "ushahidiui", "client_secret": "35e7f0bca957836d05ca0492211b0ac707671261", "google_analytics_id": "", "intercom_app_id": "", "mapbox_api_key": "pk.eyJ1IjoidXNoYWhpZGkiLCJhIjoiY2lxaXRrbmF5MDdxNmZubmUyN2p6bms5biJ9.o7pmKDIN1EtwMBp1VIzITQ", "raven_url": "" }
Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.
This may also include IPC services and lead to remote code execution.
Severity: high
Fingerprint: 22420ce026fa767de22ea8c3df372350d4001392b0d472feb0d472feb0d472fe
Found open SMB shares with NT AUTHORITY/ANONYMOUS LOGON print$ IPC$ tank_shared