From 7768c14f041577c58afc43e767e673df22fedfa9 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 8 Feb 2023 02:56:36 +0530
Subject: [PATCH] Additional Endpoints Added JKStatus Manager
---
 misconfiguration/jkstatus-manager.yaml | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/misconfiguration/jkstatus-manager.yaml b/misconfiguration/jkstatus-manager.yaml
index d5d0a1d1f3..c6eb6b4288 100644
--- a/misconfiguration/jkstatus-manager.yaml
+++ b/misconfiguration/jkstatus-manager.yaml
@@ -2,17 +2,32 @@ id: jkstatus-manager
 info:
 name: JK Status Manager
- author: pdteam
+ author: pdteam,DhiyaneshDk
 severity: low
+ reference:
+ - https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java
+ metadata:
+ verified: "true"
+ shodan-query: html:"JK Status Manager"
 tags: config,status
 requests:
 - method: GET
 headers:
 X-Forwarded-For: "127.0.0.1"
+
 path:
- - "{{BaseURL}}/jkstatus/"
+ - "{{BaseURL}}"
+ - "{{BaseURL}}/status"
+ - "{{BaseURL}}/jkstatus"
+ - "{{BaseURL}}/jkstatus-auth"
+ - "{{BaseURL}}/jk-status"
+ - "{{BaseURL}}/jkmanager"
+ - "{{BaseURL}}/jkmanager-auth"
+ - "{{BaseURL}}/jdkstatus"
+
+ stop-at-first-match: true
 matchers:
 - type: word
 words:
- - "JK Status Manager"
+ - "JK Status Manager"
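Review bot: The single `word` matcher on "JK Status Manager" is now applied to eight paths, including the bare `{{BaseURL}}` and the generic `/status`, so any page that merely mentions the string (documentation, a forum post, a search result) would be reported as an exposed status manager. Pairing it with `matchers-condition: and` and a second matcher, `- type: status` with `status: [200]`, or a second word taken from the status page itself, would keep the wider path list from inflating false positives. The previous `{{BaseURL}}/jkstatus/` entry with its trailing slash is also dropped rather than kept alongside the new ones; no redirect handling is visible in the hunk, so hosts that only answer on the slash form may no longer be detected, and retaining that entry looks safer. The matchers block appears to end with the hunk, so this assumes no further matcher exists below it.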