Create mautic-Unauthorized-upgrade

Unauthorized access to the mautic web page access http://x.x.x.x/upgrade.php Online upgrade, upgrade failure will cause mautic business interruption.
2022-12-15 17:56:30 +08:00 · 2022-12-15 17:56:30 +08:00 · 7f138159cf
parent 2a44b0c721
commit 7f138159cf
1 changed files with 34 additions and 0 deletions
--- a/34
+++ b/34
@ -0,0 +1,34 @@
+id: mautic-Unauthorized-upgrade
+
+info:
+  name: Mautic Upgrade.php Exposure
+  author: huowuzhao
+  severity: high
+  description: |
+    Unauthorized access to the mautic web page access http://x.x.x.x/upgrade.php Online upgrade, upgrade failure will cause mautic business interruption.
+  metadata:
+    verified: true
+  tags: misconfig,mautic,upgrade
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/upgrade.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Upgrade Mautic'
+          - 'Click here to start upgrade'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200