Add H2 console template (#3504)

* Auto Generated CVE annotations [Sat Jan 8 10:22:47 UTC 2022] 🤖 * Add tpl Co-authored-by: GitHub Action <action@github.com>
2022-01-08 15:36:08 +01:00 · 2022-01-08 15:36:08 +01:00 · 91ea210cb6
parent bec3a8713d
commit 91ea210cb6
1 changed files with 24 additions and 0 deletions
--- a/exposed-panels/h2console-panel.yaml
+++ b/exposed-panels/h2console-panel.yaml
@ -0,0 +1,24 @@
+id: h2console-panel
+
+info:
+  name: H2 console web panel
+  author: righettod
+  severity: info
+  reference:
+    - https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
+    - https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
+    - https://www.shodan.io/search?query=http.title%3A%22H2+Console%22
+  tags: panel,h2,console
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/h2-console/login.jsp'
+
+    matchers:
+
+      - type: dsl
+        dsl:
+          - "status_code==200"
+          - "contains(tolower(body), '<title>h2 console</title>')"
+        condition: and