Create netdisco-unauth.yaml

patch-12
Ritik Chaddha 2024-10-07 11:55:46 +04:00 committed by GitHub
parent 45db6501ce
commit 73464aa138
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 30 additions and 0 deletions


@ -0,0 +1,30 @@
id: netdisco-unauth
info:
name: Netdisco - Unauth Access
author: ritikchaddha
severity: critical
description: |
Detects an unauth dashboard access of Netdisco.
impact: |
Attackers can potentially exploit this vulnerability to gain unauthorized access to sensitive information.
metadata:
verified: true
max-request: 1
shodan-query: title:"Netdisco"
fofa-query: title="Netdisco"
tags: netdisco,misconfig,unauth
http:
- method: GET
path:
- "{{BaseURL}}/inventory"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- contains_all(body, "User Management", "/admin/discoverall", "Logged in as")
- status_code == 200
condition: and
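Review bot: The `info` block rates this `severity: critical` but gives the person triaging a hit no `reference`, `classification` or `remediation`, and the `impact` text is generic rather than saying what an open Netdisco inventory exposes. I would add something like `remediation: Require login on the Netdisco web frontend (check whether no_auth is enabled in the deployment config) and restrict access to management networks.`, along with a `reference` to the Netdisco configuration documentation. The `dsl` matcher also deserves a one-line comment, for example `# "Logged in as" plus the /admin/discoverall link in a cookie-less GET means the instance hands out an admin session without login`, because matching on "Logged in as" reads as contradictory in an unauth check. That same string will match any scan that sends a valid session cookie or auth header, so the description should state that the template assumes an unauthenticated request.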