id: alibaba-mongoshake-unauth

info:
  name: Alibaba Mongoshake Unauth
  author: pikpikcu
  severity: info
  metadata:
    max-request: 1
  tags: mongoshake,unauth,alibaba,misconfig

http:
  - method: GET
    path:
      - '{{BaseURL}}/'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{"Uri":"/worker","Method":"GET"}'

      - type: word
        words:
          - 'text/plain'
        part: header

      - type: status
        status:
          - 200

# digest: 4a0a00473045022100df73190b4cb70a8ce254319365eb46566529f720568dd75e7c78ef98947776d602201c21217186da8ecab8fb38921f040a238ce5817e862ef108277fdfd8e53e7b52:922c64590222798bb761d5b6d8e72950