id: unauthenticated-nginx-dashboard

info:
  name: Nginx Dashboard
  author: BibekSapkota (sar00n)
  severity: low
  description: Nginx Dashboard is exposed.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/
  metadata:
    max-request: 1
    shodan-query: html:"NGINX+ Dashboard"
  tags: misconfig,nginx

http:
  - method: GET
    path:
      - "{{BaseURL}}/dashboard.html"

    max-size: 2048

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Nginx+ Dashboard'

      - type: status
        status:
          - 200

# digest: 4a0a00473045022022014bca5636c35f8a10d1f18be926dcf49b6652f45affef03b38b2b119ff2c9022100ab87087b7c6d30fd7156772f02bd77e9433d0c533c91c7a8980ba960d993e504:922c64590222798bb761d5b6d8e72950