Closed dabdine closed 3 years ago
I have been thinking about this too; we extract it the same way Shodan and others do today, even though it's not quite accurate. I guess the downside is limited? If the implementation "does it right", this fingerprint won't work right, but most others will.
@hdm fair enough -- agreed downside is limited, in which case merging def makes sense here. We probably should "standardize" more and provide more canonical examples long term on what title tag extraction should look like / tests around it too, at some point outside of this PR :)
Thanks @dabdine
thanks @hdm & @tsellers-r7 !
Description
Adds a fingerprint for VMware vCenter.
This is sort of experimental. The VMware vCenter page content looks like this:
At least Shodan and Censys both grab the page title as `" + ID_VC_Welcome + "`. However, it's obviously meant to be interpreted, as it's JavaScript (likely because of internationalization -- if you view what the page title ends up being after this is interpreted, it is "Welcome to VMware vSphere"). If we're OK with HTML title tag matching being defined as simply "whatever is in the static text representation of two enclosing title tags", I think this fingerprint is valid. If we think that title tag retrieval is defined by some other means (interpreted, etc.), then we should reject this change.
Thoughts?
Motivation and Context
A 9.8 unauth remote file write that leads to RCE was announced.
How Has This Been Tested?
Simply using `bin/recog_verify xml/html_title.xml`.
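The trade-off discussed in this PR (a static title match that fires on the raw text between the title tags, versus an interpreted title that a "does it right" implementation would produce) is easy to see in code. The following is an added example and not part of the PR or the Recog project; the HTML sample is constructed to mirror the pattern described above (a `<title>` element written from JavaScript by concatenating a localisation variable), and the `VCENTER_TITLE_RE` pattern is an illustrative stand-in, not the fingerprint the PR actually adds.

```python
import re
from typing import Optional

# Constructed sample: the only literal "<title>...</title>" text in the document
# sits inside a JavaScript string, so a static extractor sees the concatenation
# fragment rather than the rendered title. This is NOT the real vCenter page.
JS_WRITTEN_HTML = """<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
var ID_VC_Welcome = "Welcome to VMware vSphere";
document.write("<title>" + ID_VC_Welcome + "</title>");
</script>
</head>
<body></body>
</html>
"""

# Constructed sample of what a "does it right" implementation would serve:
# the same title, but as plain static markup.
STATIC_HTML = "<html><head><title>Welcome to VMware vSphere</title></head><body></body></html>"

TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
JS_VAR_RE = re.compile(r'var\s+([A-Za-z_$][\w$]*)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')
# One token of a simple JS concatenation: a double-quoted string, an identifier, or '+'.
TOKEN_RE = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|([A-Za-z_$][\w$]*)|(\+))\s*')

# Illustrative Recog-style pattern anchored on the static fragment (assumption,
# not the pattern from the PR's html_title.xml).
VCENTER_TITLE_RE = re.compile(r'^" \+ ID_VC_Welcome \+ "$')


def static_title(html: str) -> Optional[str]:
    """Shodan/Censys-style extraction: the first text between <title> tags, no JS interpretation."""
    m = TITLE_RE.search(html)
    return m.group(1).strip() if m else None


def interpreted_title(html: str) -> Optional[str]:
    """Best-effort interpretation of a title that was cut out of a JS string.

    If the static fragment begins and ends with a double quote it is the tail of
    one string literal and the head of another; re-wrap it as the expression it
    came from ("..." + IDENT + "...") and resolve identifiers from `var X = "...";`
    declarations found elsewhere in the page. Returns None if anything is unknown.
    """
    frag = static_title(html)
    if frag is None:
        return None
    if not (frag.startswith('"') and frag.endswith('"')):
        return frag  # plain static title, nothing to resolve
    variables = dict(JS_VAR_RE.findall(html))
    expr = '"' + frag + '"'
    parts = []
    pos = 0
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m or m.end() == pos:
            return None  # unparseable expression
        literal, ident, _plus = m.groups()
        if ident is not None:
            if ident not in variables:
                return None  # identifier not defined on the page
            parts.append(variables[ident])
        elif literal is not None:
            parts.append(literal)
        pos = m.end()
    return "".join(parts)


def matches_static_fingerprint(html: str) -> bool:
    """Apply the illustrative fingerprint the way a static html_title match would."""
    title = static_title(html)
    return title is not None and VCENTER_TITLE_RE.match(title) is not None


if __name__ == "__main__":
    for name, html in (("js-written", JS_WRITTEN_HTML), ("static", STATIC_HTML)):
        print(name, repr(static_title(html)), repr(interpreted_title(html)),
              matches_static_fingerprint(html))
```

Run against the JS-written sample, `static_title` returns exactly the fragment the PR quotes and the fingerprint fires; `interpreted_title` resolves it to the rendered "Welcome to VMware vSphere". Against the plain-markup sample the static and interpreted titles agree and the fragment-based fingerprint does not match, which is the limited downside hdm describes: a fingerprint keyed on the static fragment only misses hosts whose title extraction (or page) is already "done right".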