Added template for unigui-server-monitor-exposure

1970-01-01 00:00:00 +00:00 · 1970-01-01 00:00:00 +00:00 · a2f84c9302
parent 3fe45cfd32
commit a2f84c9302
1 changed files with 34 additions and 0 deletions
--- a/unigui-server-monitor-exposure.yaml
+++ b/unigui-server-monitor-exposure.yaml
@ -0,0 +1,34 @@
+id: unigui-server-monitor-exposure
+
+info:
+  name: UniGUI Server Monitor Panel Exposure
+  author: serrapa
+  severity: medium
+  description: Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
+  reference:
+    - https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
+  tags: exposure,unigui
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/server"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "uniGUI Standalone Server"
+          - "uniGUI License Information"
+          - "Server Statistics"
+        part: body
+
+      - type: status
+        status:
+          - 200
+
+      - type: dsl
+        dsl:
+          - "contains(body, 'layout:\"fit\",title:\"uniGUI Standalone Server\"')"
+          - "contains(body, 'layout:\"absolute\",title:\"Server Statistics\"')"
+