2023-10-16 20:00:54 +00:00
|
|
|
id: unauth-opache-control-panel
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: Opache control Panel - Unauthenticated Access
|
|
|
|
|
author: pussycat0x
|
|
|
|
|
severity: high
|
|
|
|
|
metadata:
|
|
|
|
|
shodan-query: http.title:"Opcache Control Panel"
|
|
|
|
|
verified: true
|
|
|
|
|
max-request: 1
|
|
|
|
|
tags: opache,config,exposure,status
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
2023-10-20 12:09:22 +00:00
|
|
|
- "{{BaseURL}}"
|
2023-10-16 20:00:54 +00:00
|
|
|
- "{{BaseURL}}/ocp.php"
|
|
|
|
|
|
2023-10-20 12:09:22 +00:00
|
|
|
stop-at-first-match: true
|
2023-10-16 20:00:54 +00:00
|
|
|
matchers:
|
|
|
|
|
- type: dsl
|
|
|
|
|
dsl:
|
|
|
|
|
- 'status_code == 200'
|
|
|
|
|
- 'contains(body, "Opcache Control Panel") && contains(body, "Reset") && contains(body, "Files")'
|
2023-10-20 12:09:22 +00:00
|
|
|
condition: and
|
