nuclei-templates/http/misconfiguration/spidercontrol-scada-server-...

36 lines
929 B
YAML
Raw Normal View History

id: spidercontrol-scada-server-info
info:
name: SpiderControl SCADA Web Server - Sensitive Information Exposure
author: geeknik
severity: high
description: SpiderControl SCADA Web Server is vulnerable to sensitive information exposure. Numerous, market-leading OEM manufacturers - from a wide variety of industries - rely on SpiderControl.
reference:
- https://spidercontrol.net/spidercontrol-inside/
tags: spidercontrol,scada,misconfig
metadata:
max-request: 1
http:
- method: GET
path:
- '{{BaseURL}}/cgi-bin/GetSrvInfo.exe'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "powered by SpiderControl"
- "LSWEBSERVER"
- "SCWEBSERVICES"
condition: and
extractors:
- type: kval
part: header
kval:
- Server
# Enhanced by mp on 2022/07/21