From fcb93ad108dbf0a6362a74d76353fca681fa66a0 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Fri, 23 Apr 2021 17:37:19 +0530
Subject: [PATCH 1/3] Create spark-webui-unauth.yaml
---
 vulnerabilities/other/spark-webui-unauth.yaml | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 vulnerabilities/other/spark-webui-unauth.yaml
diff --git a/vulnerabilities/other/spark-webui-unauth.yaml b/vulnerabilities/other/spark-webui-unauth.yaml
new file mode 100644
index 0000000000..0bf8beaf97
--- /dev/null
+++ b/vulnerabilities/other/spark-webui-unauth.yaml
@@ -0,0 +1,23 @@
+id: spark-webui-unauth.yaml
+info:
+ name: Unauthenticated Spark WebUI
+ author: princechaddha
+ severity: medium
+ reference: https://github.com/vulhub/vulhub/tree/master/spark/unacc
+ tags: spark,unauth
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/"
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "title>Spark"
+ - "URL:"
+ part: body
+ condition: and
From f72656244535599008e7a257d59e4876c91d9fd4 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 26 Apr 2021 21:56:13 +0530
Subject: [PATCH 2/3] Update spark-webui-unauth.yaml
---
 vulnerabilities/other/spark-webui-unauth.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/spark-webui-unauth.yaml b/vulnerabilities/other/spark-webui-unauth.yaml
index 0bf8beaf97..a1e0b2dd4a 100644
--- a/vulnerabilities/other/spark-webui-unauth.yaml
+++ b/vulnerabilities/other/spark-webui-unauth.yaml
@@ -17,7 +17,7 @@ requests:
 - 200
 - type: word
 words:
- - "title>Spark"
+ - "Spark Master at spark://
 - "<strong>URL:</strong>"
 part: body
 condition: and
From 3079fce64824a967d911caf41e655337b91e6863 Mon Sep 17 00:00:00 2001
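Review bot: In [PATCH 1/3] the first added line sets `id: spark-webui-unauth.yaml`, so the file extension becomes part of the template identifier reported with every match; it should read `id: spark-webui-unauth`, and neither later patch in this series touches that line. The `info` block also has no `description:`; a single line such as `description: Spark web UI is served without authentication.` would tell whoever triages a hit what the match actually demonstrates.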
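Review bot: In [PATCH 2/3] the replacement word narrows the match from any page whose title starts with `Spark` to the standalone Master page only, while `info.name` still reads `Unauthenticated Spark WebUI`; pages with other titles (Worker or application UIs, presumably) no longer match, so the name should say so, e.g. `name: Unauthenticated Spark Master WebUI`. The added line as shown also has no closing double quote after `spark://`, which leaves the template unparsable at this commit until 3/3 adds it; squashing the two would keep every commit in the series loadable.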
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Mon, 26 Apr 2021 21:57:46 +0530
Subject: [PATCH 3/3] Update spark-webui-unauth.yaml
---
 vulnerabilities/other/spark-webui-unauth.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/other/spark-webui-unauth.yaml b/vulnerabilities/other/spark-webui-unauth.yaml
index a1e0b2dd4a..d22e414ee3 100644
--- a/vulnerabilities/other/spark-webui-unauth.yaml
+++ b/vulnerabilities/other/spark-webui-unauth.yaml
@@ -17,7 +17,7 @@ requests:
 - 200
 - type: word
 words:
- - "<title>Spark Master at spark://
+ - "<title>Spark Master at spark://"
 - "<strong>URL:</strong>"
 part: body
 condition: and