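# Nuclei template: flags a uniGUI Server Monitor page that answers a plain
# GET on /server. The request below sends no credentials, so a match means
# the monitor page was returned to an unauthenticated client.
id: unigui-server-monitor-exposure

info:
  name: UniGUI Server Monitor Panel - Exposure
  author: serrapa
  # Rated low: the finding is information disclosure (statistics, sessions,
  # licensing data), as stated in the description.
  severity: low
  description: |
    Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, user sessions, licensing information and other data.
  # Vendor documentation for the Server Monitor feature.
  # NOTE(review): remediation is not stated in this template; presumably the
  # monitor endpoint should be restricted to administrative networks or
  # disabled - confirm against the vendor documentation.
  reference:
    - https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
  metadata:
    verified: true
    # A single request is issued per target.
    max-request: 1
    shodan-query: title:"uniGUI"
    fofa-query: title="uniGUI"
  tags: exposure,unigui,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/server"

    # Both matcher groups below must hold for a finding to be reported.
    matchers-condition: and
    matchers:
      # Group 1: HTTP 200 and at least one of the three marker strings
      # appears in the response body.
      - type: dsl
        dsl:
          - 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
          - 'status_code == 200'
        condition: and

      # Group 2: one of two layout/title fragments must be present. This
      # narrows group 1, so a page that only mentions a generic phrase such
      # as "Server Statistics" does not match on its own.
      - type: dsl
        dsl:
          - 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
          - 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
        condition: or
# NOTE(review): the digest below is the value published with this template.
# It is presumably a signature over the template text, so any local edit
# (including added comments) is expected to fail verification until the file
# is re-signed - confirm against the nuclei template-signing documentation.
# digest: 490a0046304402205766cced7933a5f2f8ba6e4cd966dad51910774c86ee9260bb819ad300d147570220621881cf5155550a9207b7e19241b39c6a0df15d8629dac7675d024c80d6f14c:922c64590222798bb761d5b6d8e72950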