nuclei-templates/http/misconfiguration/unigui-server-monitor-expos...

36 lines
1.2 KiB
YAML
Raw Normal View History

id: unigui-server-monitor-exposure
info:
2024-05-10 08:26:12 +00:00
name: UniGUI Server Monitor Panel - Exposure
author: serrapa
2024-05-10 08:26:12 +00:00
severity: low
description: |
Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
reference:
- https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
2024-05-10 08:26:12 +00:00
metadata:
verified: true
max-request: 1
shodan-query: title:"uniGUI"
fofa-query: title="uniGUI"
tags: exposure,unigui,misconfig
2024-05-10 08:26:12 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/server"
matchers-condition: and
matchers:
- type: dsl
dsl:
2024-05-10 08:26:12 +00:00
- 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
- 'status_code == 200'
condition: and
2024-05-10 08:26:12 +00:00
- type: dsl
dsl:
- 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
- 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
condition: or
# digest: 490a0046304402205766cced7933a5f2f8ba6e4cd966dad51910774c86ee9260bb819ad300d147570220621881cf5155550a9207b7e19241b39c6a0df15d8629dac7675d024c80d6f14c:922c64590222798bb761d5b6d8e72950