Add Redis Commander Panel Detection

Redis Commander is a common ui for redis. Access to Redis Commander can allow access to redis and expose sensible session or cache data.
2021-10-25 15:45:49 +02:00 · 2021-10-25 15:45:49 +02:00 · 3c21e2fc16
parent a21cec6362
commit 3c21e2fc16
1 changed files with 22 additions and 0 deletions
--- a/exposed-panels/redis-commander-exposure.yaml
+++ b/exposed-panels/redis-commander-exposure.yaml
@ -0,0 +1,22 @@
+id: redis-commander-exposure
+
+info:
+  name: Redis Commander Exposure
+  author: dahse89
+  severity: low
+  reference:
+    - https://joeferner.github.io/redis-commander/
+    - https://github.com/joeferner/redis-commander
+  tags: panel
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers:
+      - type: word
+        words:
+          - "<title>Redis Commander"
+          - "redisCommanderBearerToken"
+        condition: and