From a5f0b296d5a049631207110ed019487b7f577889 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 18 Jan 2023 02:08:19 +0530
Subject: [PATCH] updated matchers and path

---
 .../apache/kafka-manager-unauth.yaml | 20 ++++++++-----------
 1 file changed, 8 insertions(+), 12 deletions(-)
 rename exposed-panels/kafka-manager-panel.yaml => misconfiguration/apache/kafka-manager-unauth.yaml (53%)

diff --git a/exposed-panels/kafka-manager-panel.yaml b/misconfiguration/apache/kafka-manager-unauth.yaml
similarity index 53%
rename from exposed-panels/kafka-manager-panel.yaml
rename to misconfiguration/apache/kafka-manager-unauth.yaml
index b5e405f008..6854e21e14 100644
--- a/exposed-panels/kafka-manager-panel.yaml
+++ b/misconfiguration/apache/kafka-manager-unauth.yaml
@@ -1,7 +1,7 @@
-id: kafka-manager-panel
+id: kafka-manager-unauth

 info:
- name: Kafka Manager Panel
+ name: Kafka Manager Panel - Unauthorized Access
 author: Paper-Pen
 severity: low
 description: A kafka manager unauthorized access was discovered.
@@ -9,24 +9,20 @@ info:
 - https://github.com/yahoo/CMAK
 metadata:
 fofa-query: app="Kafka-Manager"
- tags: tech,kafka
+ tags: misconfig,apache,kafka,unauth,exposure

 requests:
 - method: GET
 path:
 - "{{BaseURL}}"
- - "{{BaseURL}}/addCluster"

- matchers-condition: or
+ matchers-condition: and
 matchers:
 - type: word
 part: body
 words:
- - "Kafka Manager"
- - "Add Cluster"
- - "Cluster Name"
+ - "Kafka Manager"

- - type: word
- part: header
- words:
- - "Kafka-Manager"
+ - type: status
+ status:
+ - 200
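Review bot: The only evidence left in the second hunk is the body word `"Kafka Manager"` plus a 200 status at `{{BaseURL}}`, which identifies the product but does not show that its management functions are reachable without authentication, as the new id and name claim. Any root page that returns 200 and contains that string (a login or SSO landing page, a reverse-proxy index, documentation) would be reported as unauthorized access. The removed `/addCluster` request with the "Add Cluster" and "Cluster Name" words was closer to that evidence. I would keep `- "{{BaseURL}}/addCluster"` in `path` and require the words together by adding `condition: and` to the word matcher, with `- "Kafka Manager"` and `- "Add Cluster"` as its words. It is also worth revisiting `severity: low` in the first hunk, since the finding is now reported as unauthenticated access rather than panel exposure.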