nuclei-templates/http/misconfiguration/installer/concrete-installer.yaml

42 lines
1.0 KiB
YAML
Raw Normal View History

2022-12-26 11:24:39 +00:00
id: concrete-installer
info:
name: Concrete Installer
author: pussycat0x
severity: high
2023-12-21 09:19:34 +00:00
description: Concrete is susceptible to the Installation page exposure due to misconfiguration.
2022-12-26 11:24:39 +00:00
metadata:
verified: true
2023-10-14 11:27:55 +00:00
max-request: 1
2022-12-26 11:24:39 +00:00
shodan-query: title:"Install concrete"
2024-09-10 08:22:50 +00:00
product: concrete_cms
vendor: concretecms
2022-12-26 11:24:39 +00:00
tags: misconfig,exposure,install,concrete
2024-09-10 08:22:50 +00:00
classification:
cpe: cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
http:
2022-12-26 11:24:39 +00:00
- method: GET
path:
2022-12-27 11:17:00 +00:00
- "{{BaseURL}}/index.php/install"
2022-12-26 11:24:39 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
- "install concrete"
- "choose language"
condition: and
case-insensitive: true
2022-12-27 11:17:00 +00:00
2022-12-26 11:24:39 +00:00
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
2024-09-10 08:22:50 +00:00
# digest: 4b0a00483046022100aee4c924c2e7aa89a7cf5c5e8a62ffa301ab5bf24ac02ebfe4a50c52fb5247fe022100fe66bcf33dc4c5b8a7b3ba0ac201fdf08641b402364e0b685115bd990834e9b5:922c64590222798bb761d5b6d8e72950