Share
## https://sploitus.com/exploit?id=2444AB00-481E-5182-9B60-5D9A249D7743
# SuperAlts Security Assessment

## Executive Summary

This repository documents the results of a reconnaissance and security assessment performed against the publicly accessible infrastructure of **superalts.dev**.

The objective of this assessment was to identify exposed services, information disclosure issues, and potentially vulnerable software through passive reconnaissance, technology fingerprinting, endpoint discovery, and public vulnerability correlation.

No authenticated access was used during the assessment.

---

# Scope

## Live Domains

```text
$ cat Alive.txt

https://www.superalts.dev
https://cdn.superalts.dev
https://status.superalts.dev
https://superalts.dev
https://client.superalts.dev
https://docs.superalts.dev
```

---

# Methodology

The assessment consisted of:

- Subdomain Enumeration
- HTTP Probing
- Technology Fingerprinting
- Manual Reconnaissance
- Directory Enumeration
- Endpoint Discovery
- JavaScript Inspection
- Version Identification
- Public Vulnerability Correlation

No intrusive testing was performed.

---

# Technologies Identified

| Technology | Status |
|------------|--------|
| LiteSpeed | Detected |
| PHP 8.1.33 | Version Exposed |
| Next.js | Detected |
| Veno File Manager 4.3.0 | Identified |

---

# Findings

---

## 1. Exposed Veno File Manager Administration Panel

### Severity

Low

### Description

A publicly accessible Veno File Manager instance was discovered.

```
https://cdn.superalts.dev/vfm-admin/
```

Observed software version:

```
Veno File Manager 4.3.0
```

The administrative interface is reachable without restriction.

---

## 2. Directory Listing Enabled

### Severity

Low

The uploads directory allows directory indexing.

```
https://cdn.superalts.dev/vfm-admin/_content/uploads/
```

Potential impact includes:

- Uploaded file enumeration
- Metadata disclosure
- Accidental information exposure

---

## 3. PHP Version Disclosure

### Severity

Informational

HTTP responses disclose the backend runtime.

```
PHP/8.1.33
```

---

## 4. LiteSpeed Stack Disclosure

### Severity

Informational

The HTTP Server header exposes:

```
LiteSpeed
```

---

## 5. Next.js Build Manifest Exposure

The application exposes its build manifest.

```
https://superalts.dev/_next/static/Ow9ERizAl3375itfXBHUI/_buildManifest.js
```

This reveals:

- Application routes
- Static assets
- Bundle structure

---

## 6. Public Download Endpoints

Several download endpoints were identified.

```
https://cdn.superalts.dev/?dl=be7e3c85d8553c671497420b68656eb0
```

```
https://cdn.superalts.dev/download/0/sh/83016e2dc156a50c0b6649906cdd9702/share/be7e3c85d8553c671497420b68656eb0
```

No unauthorized access was observed.

---

## 7. Public Query Endpoint

The following endpoint was identified.

```
https://cdn.superalts.dev/vfm-admin/index.php?q=
```

The parameter appears to be associated with Veno File Manager download functionality.

---

# Public Vulnerability Research

During software identification, a matching public advisory was located.

## Exploit-DB

```
EDB-ID: 38880
```

Title

```
Veno File Manager - 'q' Arbitrary File Download
```

Searchsploit output

```text
$ searchsploit -x 38880 | head -100

Exploit: Veno File Manager - 'q' Arbitrary File Download

URL:
https://www.exploit-db.com/exploits/38880

Path:
/usr/share/exploitdb/exploits/php/webapps/38880.txt

Codes:
OSVDB-100933

Verified:
True

Veno File Manager is prone to a vulnerability that lets attackers
download arbitrary files because the application fails to
sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within
the context of the web server process.

http://www.example.com/filemanager/vfm-admin/vfm-downloader.php?q=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA==
```

---

# Assessment

The deployed software matches a product for which a historical public advisory exists.

During this assessment:

- The application was successfully identified.
- Public endpoints were enumerated.
- Relevant software versions were observed.
- Public exploit references were reviewed.

The presence of a public advisory alone does **not** demonstrate that the deployment is exploitable. Confirmation would require dedicated vulnerability testing, which was outside the scope of this assessment.

---

# Attack Surface Summary

| Asset | Status |
|--------|--------|
| Main Website | Accessible |
| CDN | Accessible |
| Status Page | Accessible |
| Client Portal | Accessible |
| Documentation | Accessible |
| File Manager | Exposed |

---

# Security Recommendations

- Restrict access to administrative interfaces.
- Disable unnecessary directory indexing.
- Suppress version disclosure where practical.
- Keep Veno File Manager updated to the latest supported release.
- Periodically review publicly accessible endpoints.
- Audit exposed Next.js resources.

---

# Tools Used

```text
subfinder
httpx
curl
searchsploit
browser developer tools
manual inspection
```

---

# Conclusion

The assessment identified multiple publicly accessible administrative and informational resources, including exposed software, version disclosures, directory indexing, and publicly reachable download functionality.

Additionally, historical public vulnerability research identified an advisory affecting the same software family observed during reconnaissance. While this increases the importance of maintaining the application, no exploitation was performed or confirmed during this assessment.

Overall, the findings primarily represent opportunities for reconnaissance and security hardening rather than verified compromise.

---

# Legal Notice

This assessment was limited to publicly accessible information and observation of exposed services.

No authentication bypass, privilege escalation, destructive testing, denial-of-service activity, or unauthorized exploitation was performed.