1970-01-01 00:00:00 +00:00
|
|
|
id: unigui-server-monitor-exposure
|
|
|
|
|
|
2024-06-07 10:04:29 +00:00
|
|
|
info:
|
|
|
|
|
name: UniGUI Server Monitor Panel - Exposure
|
|
|
|
|
author: serrapa
|
|
|
|
|
severity: low
|
|
|
|
|
description: |
|
|
|
|
|
Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
|
|
|
|
|
reference:
|
|
|
|
|
- https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
|
|
|
|
|
metadata:
|
|
|
|
|
verified: true
|
|
|
|
|
max-request: 1
|
|
|
|
|
shodan-query: title:"uniGUI"
|
|
|
|
|
fofa-query: title="uniGUI"
|
|
|
|
|
tags: exposure,unigui,misconfig
|
|
|
|
|
|
2024-05-10 08:26:12 +00:00
|
|
|
http:
|
1970-01-01 00:00:00 +00:00
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/server"
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
2024-05-10 08:26:12 +00:00
|
|
|
- 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
|
|
|
|
|
- 'status_code == 200'
|
|
|
|
|
condition: and
|
1970-01-01 00:00:00 +00:00
|
|
|
|
2024-05-10 08:26:12 +00:00
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
|
|
|
|
|
- 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
|
2024-09-04 15:35:24 +00:00
|
|
|
condition: or
|
|
|
|
|
# digest: 4a0a00473045022100e417069b5642b45eabcbfc7aaf1e07d664d315c3b388c8fd62061dfe290d31050220745ba51614e09a4f3167d2a776eb3bb448ca252955861e4c00eeb71d4cda378d:922c64590222798bb761d5b6d8e72950
|
