From abae16ac9f068e97abd5fdea7db17971af579cc4 Mon Sep 17 00:00:00 2001
From: Arman <65326024+tess-ss@users.noreply.github.com>
Date: Wed, 2 Nov 2022 13:26:24 -0700
Subject: [PATCH 1/4] Create hfs-panel-exposed.yaml
---
misconfiguration/hfs-panel-exposed.yaml | 36 +++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 misconfiguration/hfs-panel-exposed.yaml
diff --git a/misconfiguration/hfs-panel-exposed.yaml b/misconfiguration/hfs-panel-exposed.yaml
new file mode 100644
index 0000000000..f4f40d4464
--- /dev/null
+++ b/misconfiguration/hfs-panel-exposed.yaml
@@ -0,0 +1,36 @@
+id: hfs-panel-exposed
+
+info:
+ name: HFS Panel Exposed
+ author: tess
+ severity: low
+ metadata:
+ verified: true
+ shodan-query: title:"HFS /"
+ tags: misconfig,hfs,exposed
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/'
+
+ host-redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "HFS /"
+ - "Messages"
+ - "Where to search"
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
+
+ - type: status
+ status:
+ - 200
From 9453d0035ba45d10d39b35a28bee6b972ee576ab Mon Sep 17 00:00:00 2001
From: Arman <65326024+tess-ss@users.noreply.github.com>
Date: Wed, 2 Nov 2022 13:45:26 -0700
Subject: [PATCH 2/4] Update hfs-panel-exposed.yaml
---
misconfiguration/hfs-panel-exposed.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/misconfiguration/hfs-panel-exposed.yaml b/misconfiguration/hfs-panel-exposed.yaml
index f4f40d4464..a795f57c3d 100644
--- a/misconfiguration/hfs-panel-exposed.yaml
+++ b/misconfiguration/hfs-panel-exposed.yaml
@@ -21,8 +21,8 @@ requests: - type: word part: body words: - - "HFS /" - - "Messages" + - "HFS /" + - "Messages" - "Where to search" condition: and
From 650d49f7610a04c7187af9fc20b03b1415e08992 Mon Sep 17 00:00:00 2001
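Review bot: The `info` block added in [PATCH 1/4] has no `description`, so a finding titled "HFS Panel Exposed" gives the person triaging it no statement of what was actually observed. The matchers establish only that the root page renders with the listed strings, a `text/html` header and status 200; they do not capture the HFS version or whether authentication or uploads are enabled. I would say that in the template, for example `description: HFS (HTTP File Server) web interface is reachable and serving its listing page; impact depends on the files shared and the server version.` (wording to be confirmed by the author). A `reference:` entry pointing at the vendor documentation would make `severity: low` easier to justify.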
From: Arman <65326024+tess-ss@users.noreply.github.com>
Date: Wed, 2 Nov 2022 14:19:10 -0700
Subject: [PATCH 3/4] Update hfs-panel-exposed.yaml
---
misconfiguration/hfs-panel-exposed.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misconfiguration/hfs-panel-exposed.yaml b/misconfiguration/hfs-panel-exposed.yaml
index a795f57c3d..ff96fc9835 100644
--- a/misconfiguration/hfs-panel-exposed.yaml
+++ b/misconfiguration/hfs-panel-exposed.yaml
@@ -7,7 +7,7 @@ info: metadata: verified: true shodan-query: title:"HFS /" - tags: misconfig,hfs,exposed + tags: misconfig,hfs,exposure requests: - method: GET
From faeab230d4722f26998ed156f736ca77c8063f88 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 3 Nov 2022 07:42:51 +0530
Subject: [PATCH 4/4] Update and rename hfs-panel-exposed.yaml to hfs-exposure.yaml
---
.../{hfs-panel-exposed.yaml => hfs-exposure.yaml} | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
rename misconfiguration/{hfs-panel-exposed.yaml => hfs-exposure.yaml} (73%)
diff --git a/misconfiguration/hfs-panel-exposed.yaml b/misconfiguration/hfs-exposure.yaml
similarity index 73%
rename from misconfiguration/hfs-panel-exposed.yaml
rename to misconfiguration/hfs-exposure.yaml
index ff96fc9835..fbd2ae99ce 100644
--- a/misconfiguration/hfs-panel-exposed.yaml
+++ b/misconfiguration/hfs-exposure.yaml
@@ -1,9 +1,9 @@ -id: hfs-panel-exposed +id: hfs-exposure info: - name: HFS Panel Exposed + name: HFS Exposure author: tess - severity: low + severity: unknown metadata: verified: true shodan-query: title:"HFS /"
@@ -12,10 +12,8 @@ info: requests: - method: GET path: - - '{{BaseURL}}/' + - '{{BaseURL}}' - host-redirects: true - max-redirects: 2 matchers-condition: and matchers: - type: word
@@ -23,7 +21,6 @@ requests: words: - "HFS /" - "Messages" - - "Where to search" condition: and - type: word
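Review bot: In [PATCH 4/4], hunk `@@ -1,9 +1,9 @@`, `severity: unknown` leaves the finding with no triage signal, and a scan filtered by severity will skip this template unless `unknown` is named in the filter. The matchers only show that the HFS page is reachable, so if the intent is "impact depends on what is shared", I would set the floor explicitly with `severity: info` and state that dependency in a `description:` line, which the `info` block still lacks. If `unknown` is deliberate, a short comment above it saying why would save the next reviewer the same question.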
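Review bot: In [PATCH 4/4], hunk `@@ -23,7 +21,6 @@`, removing `"Where to search"` leaves the body matcher with only `"HFS /"` and `"Messages"`, and `"Messages"` is generic enough that any 200 `text/html` page containing both strings now matches. If the word was dropped because some builds or locales lack the search label (an inference, the commit message does not say), I would anchor the remaining product string to the title instead, e.g. `- "<title>HFS /"`. That would line up with the `shodan-query: title:"HFS /"` metadata, though the exact title markup should be confirmed against a real response. The matcher block starts above this hunk and the header and status matchers continue below it.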