id: gocd-unauth-dashboard

info:
  name: GoCd Unauth Dashboard
  author: dhiyaneshDk
  severity: medium
  description: GoCd Dashboard is exposed.
  metadata:
    max-request: 1
    shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
  tags: go,gocd,unauth,misconfig

http:
  - method: GET
    path:
      - '{{BaseURL}}/go/admin/pipelines/create?group=defaultGroup'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Create a pipeline - Go</title>'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022039ea9bdb750a12ccc3a1ed4f126dc46e57f112649d35b2ed182a654a048ea4ad022100d4c117105dea72d50f8721c3c173dc0dd54cac8ffa896fd7f2ef5b4525f1f90a:922c64590222798bb761d5b6d8e72950