Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40875 β€” AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Improper Access Control in Gurock TestRail. <br>πŸ’₯ **Consequences**: Attackers access `/files.md5` to get a full list of app files & paths.…
Read full answer (login)

Q2Root Cause? (CWE/Flaw)

πŸ›‘οΈ **Root Cause**: **Improper Access Control** (IAC). The `/files.md5` file on the client side is accessible without proper restrictions, leaking internal file structures.

Q3Who is affected? (Versions/Components)

πŸ“¦ **Affected**: **Gurock Software Gurock TestRail**. <br>πŸ“… **Versions**: All versions **before 7.2.0.3014**. <br>🌍 **Context**: Web-based QA/test case management software.

Q4What can hackers do? (Privileges/Data)

πŸ•΅οΈ **Attacker Actions**: <br>1. Access `/files.md5`. <br>2. Map application file paths. <br>3. Probe specific paths. <br>4. **Steal**: Hardcoded passwords, API keys, sensitive config data.

Q5Is exploitation threshold high? (Auth/Config)

⚑ **Exploitation Threshold**: **LOW**. <br>πŸ”“ **Auth**: No authentication required to access the `/files.md5` endpoint. <br>βš™οΈ **Config**: Default installation behavior allows this exposure.

Q6Is there a public Exp? (PoC/Wild Exploitation)

πŸ’£ **Public Exp/PoC**: **YES**. <br>πŸ”— Tools available: <br>- `derailed` (SakuraSamuraii) <br>- `TestRail-files.md5-IAC-scanner` (Lul) <br>- Nuclei templates (ProjectDiscovery).…
Read full answer (login)

Q7How to self-check? (Features/Scanning)

πŸ” **Self-Check**: <br>1. Visit `http://<target>/files.md5`. <br>2. If you see a list of files/paths, you are **VULNERABLE**. <br>3. Use automated scanners like Nuclei or the Python scripts linked in the data.

Q8Is it fixed officially? (Patch/Mitigation)

🩹 **Official Fix**: **YES**. <br>βœ… **Patch**: Upgrade to version **7.2.0.3014** or later. <br>πŸ“’ **Status**: Fixed by Gurock Software.

Q9What if no patch? (Workaround)

🚧 **No Patch Workaround**: <br>1. **Block Access**: Configure Web Server (Nginx/Apache) to deny requests to `/files.md5`. <br>2. **WAF Rules**: Add rule to block access to this specific endpoint. <br>3.…
Read full answer (login)

Q10Is it urgent? (Priority Suggestion)

πŸ”₯ **Urgency**: **HIGH**. <br>⚠️ **Reason**: Easy to exploit, no auth needed, leads to credential/API key leaks. <br>πŸš€ **Action**: Patch immediately or block endpoint via WAF/Config.

Continue exploring

Vulnerability detail Full AI analysis (login) n/a