HackerOne report H1:1860520 (devdevrl)
History: Feb 02, 2023 - 8:16 p.m.

TD Bank: Server-Status leads to exposure information

Date: 2023-02-02 20:16:33
Reporter: devdevrl
Source: hackerone.com
Tags: td bank, server-status, vulnerability, information disclosure, bugbounty

## Summary
Hi team, I hope you are well. It is a pleasure to work in your program. I will begin to present the vulnerability that I found: Server-status leads to information disclosure.

## Steps
Vulnerable subdomain:

1. https://cred.sit.td.com/

### Example PoC: https://cred.sit.td.com/server-status

Path: /server-status

```
Current Time: Thursday, 02-Feb-2023 15:11:42 EST
Restart Time: Thursday, 12-Jan-2023 12:06:11 EST
Parent Server Config. Generation: 1
Parent Server MPM Generation: 0
Server uptime: 21 days 3 hours 5 minutes 30 seconds
Server load: 0.07 0.09 0.05
Total accesses: 1041463 - Total Traffic: 1.6 GB - Total Duration: 3433495
CPU Usage: u161.86 s273.66 cu1383.43 cs912.26 - .15% CPU load
.57 requests/sec - 941 B/second - 1650 B/request - 3.2968 ms/request
3 requests currently being processed, 47 idle workers
................................................................
....................................________KK__________________
__W___________________
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
Srv	PID	Acc	M	CPU	SS	Req	Dur	Conn	Child	Slot	Client	Protocol	VHost	Request
0-0	-	0/0/10502	.	0.00	62455	1	37425	0.0	0.00	23.58	10.106.138.188	http/1.1	cred.sit1.td.com:443	GET /wp-content/plugins/velvet-blues-update-urls/readme.txt HTT
0-0	-	0/0/10491	.	0.00	62455	0	33430	0.0	0.00	24.15	10.106.138.224	http/1.1	cred.sit1.td.com:443	GET /common/images/Logo.png HTTP/1.1
0-0	-	0/0/10429	.	0.00	62455	2	99000	0.0	0.00	23.48	10.106.138.251	http/1.1	cred.sit1.td.com:443	POST /v1/graphiql.css HTTP/1.1
0-0	-	0/0/10498	.	0.00	62455	1	35300	0.0	0.00	24.22	10.106.138.196	http/1.1	cred.sit1.td.com:443	GET /wp-content/plugins/akismet/readme.txt HTTP/1.1
0-0	-	0/0/10426	.	0.00	62455	1	65225	0.0	0.00	23.54	10.106.138.254	http/1.1	cred.sit1.td.com:443	POST /graph_cms HTTP/1.1
0-0	-	0/0/10591	.	0.00	62455	1	33962	0.0	0.00	23.85	10.106.138.183	http/1.1	cred.sit1.td.com:443	GET /portal/info.jsp HTTP/1.1
0-0	-	0/0/10427	.	0.00	62455	1	25274	0.0	0.00	23.58	10.106.138.217	http/1.1	cred.sit1.td.com:443	GET /cms/portlets/Telerik.Web.UI.DialogHandler.aspx?dp=1 HTTP/1
0-0	-	0/0/10512	.	0.00	62455	2	24441	0.0	0.00	24.05	10.106.138.154	http/1.1	cred.sit1.td.com:443	POST /graphiql.css HTTP/1.1
0-0	-	0/0/10541	.	0.00	62455	1	53066	0.0	0.00	23.46	10.106.138.144	http/1.1	cred.sit1.td.com:443	POST /query-api HTTP/1.1
0-0	-	0/0/10465	.	0.00	62455	1	27071	0.0	0.00	23.99	10.106.138.176	http/1.1	cred.sit1.td.com:443	GET /wp-content/plugins/cmb2/readme.txt HTTP/1.1
0-0	-	0/0/44549	.	0.00	62455	2	112753	0.0	0.00	31.44	10.106.138.222	http/1.1	cred.sit1.td.com:443	POST /v1 HTTP/1.1
0-0	-	0/0/10530	.	0.00	62455	2	24425	0.0	0.00	23.75	10.106.138.142	http/1.1	cred.sit1.td.com:443	GET /wp-content/plugins/wp-multibyte-patch/readme.txt HTTP/1.1
0-0	-	0/0/10514	.	0.00	62455	1	28318	0.0	0.00	24.09	10.106.138.220	http/1.1	cred.sit1.td.com:443	POST /graph HTTP/1.1
0-0	-	0/0/25021	.	0.00	62455	2	47796	0.0	0.00	29.23	10.106.138.182	http/1.1	cred.sit1.td.com:443	GET /controller/registry-clients HTTP/1.1
0-0	-	0/0/10504	.	0.00	62455	2	30170	0.0	0.00	23.99	10.106.138.245	http/1.1	cred.sit1.td.com:443	GET /DesktopModule/UIQuestionControls/UIAskQuestion/Telerik.Web
0-0	-	0/0/10485	.	0.00	62455	1	23049	0.0	0.00	24.47	10.106.138.161	http/1.1	cred.sit1.td.com:443	GET /wp-content/plugins/force-regenerate-thumbnails/readme.txt
0-0	-	0/0/25720	.	0.00	62455	1	91445	0.0	0.00	29.36	10.106.138.181	http/1.1	cred.sit1.td.com:443	POST /graphiql.js HTTP/1.1
```

{F2151087}

## Impact

Leads to information disclosure
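The output above is the Apache httpd mod_status page (the "Scoreboard Key" and "Parent Server MPM Generation" lines are its fixed format). As an added example, not part of the report and not TD Bank's configuration, here is the kind of httpd configuration that exposes such a page, beside the restricted form a defender would deploy. The `/server-status` path is the one from the report; the admin network range is a placeholder.

```apache
# Added example (not from the report): Apache httpd mod_status exposure
# and its hardened counterpart. Values marked as placeholders are assumed.

# --- Weak: the status page is reachable by any client of the vhost ---
# ExtendedStatus is what populates the per-worker Client / VHost / Request
# columns seen in the report, so internal client IPs, backend hostnames
# and in-flight request lines are all disclosed to the caller.
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>

# --- Hardened: only loopback and an explicit monitoring network may read it ---
# Multiple Require lines at one level are combined with an implicit
# RequireAny, so either the local host or the listed network is allowed;
# every other client receives 403.
ExtendedStatus Off
<Location "/server-status">
    SetHandler server-status
    Require local
    # placeholder: replace with the real monitoring/admin network
    Require ip 192.0.2.0/24
</Location>

# If nothing consumes the status page at all, do not load the module;
# leave the LoadModule line commented out (or absent) in the build.
# LoadModule status_module modules/mod_status.so
```

After reloading, confirm the fix from an address outside the allowed set with `curl -s -o /dev/null -w '%{http_code}\n' https://<host>/server-status`, which should print `403` (or `404` if the module is not loaded), and check `apachectl -M` to see whether `status_module` is still loaded on hosts that do not need it. Keeping `ExtendedStatus Off` limits what a misconfiguration can leak even if the access rule is later loosened. Comments in httpd configuration must sit on their own lines, as above; a `#` after a directive on the same line is a syntax error.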