NSE wanted: HP iLO unauthenticated information disclosure #1016
Description
As reported on IRC:
(03:26:11 PM) swankier: hello all. I just learned a neat trick that I felt like sharing. HP iLo (and maybe other brands) have an unauthenticated info disclosure at <ip>/xmldata?item=all. It lists firmware version, mac addresses, ip addresses, product ID, serial number, product name and others.
(03:29:20 PM) swankier: it will also show whether it is advanced or standard and if advanced what the product key is
Verified. We would like to have either a NSE script or at least a http-enum fingerprint (in nselib/data/http-fingerprints.lua) to extract info from this simple XML page.