nuclei-templates/http/misconfiguration/unigui-server-monitor-expos...

36 lines
1.2 KiB
YAML
Raw Permalink Normal View History

id: unigui-server-monitor-exposure
info:
name: UniGUI Server Monitor Panel - Exposure
author: serrapa
severity: low
description: |
Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
reference:
- https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
metadata:
verified: true
max-request: 1
shodan-query: title:"uniGUI"
fofa-query: title="uniGUI"
tags: exposure,unigui,misconfig
2024-05-10 08:26:12 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/server"
matchers-condition: and
matchers:
- type: dsl
dsl:
2024-05-10 08:26:12 +00:00
- 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
- 'status_code == 200'
condition: and
2024-05-10 08:26:12 +00:00
- type: dsl
dsl:
- 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
- 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
condition: or
# digest: 4a0a0047304502205cdaff71796bf1160eda5fa9c192b00f6f5beb2d3ed70c758deb475861cc3fd602210088cf4a36cf7ba5c9fac1619fc8f9e5b00f6f3490fdf6c84e1edde805f06a2164:922c64590222798bb761d5b6d8e72950