id: doris-dashboard info: name: Doris Dashboard - Exposed author: ritikchaddha severity: medium description: Unauthorized access to the Doris Dashboard. metadata: verified: true max-request: 1 shodan-query: http.favicon.hash:24048806 tags: doris,exposure,unauth,logs,misconfig http: - method: GET path: - "{{BaseURL}}" matchers-condition: and matchers: - type: word part: body words: - 'Doris' - 'CPU Profile' - 'Heap Profile' condition: and - type: status status: - 200 # digest: 4a0a004730450220244a64d3c918030234d31f8cb71b401a9b730501e073934b44d84677f3d51a04022100f46ad3bab6c25998ce9321e6188764f0c54c64436c8e8cc25044ebed5f7b1147:922c64590222798bb761d5b6d8e72950