id: filestash-admin-config info: name: Filestash Admin Password Configuration author: DhiyaneshDK severity: high description: | Filestash is susceptible to the Admin Password Configuration page exposure due to misconfiguration. metadata: verified: true max-request: 1 shodan-query: html:"Admin Console" product: filestash vendor: filestash tags: exposure,filestash,config classification: cpe: cpe:2.3:a:filestash:filestash:*:*:*:*:*:*:*:* http: - method: GET path: - "{{BaseURL}}/admin/setup" matchers-condition: and matchers: - type: word part: body words: - 'Admin Console' - 'component-loader' condition: and - type: status status: - 200 # digest: 4b0a004830460221008d18436adf95aef37bf555bd240b9f8fe6990a1c637624d206fcc7733673f62f02210085a8db22dccb1df2f164afa6ec88a3dc3d31ca327e6981d85122220a8634bfd2:922c64590222798bb761d5b6d8e72950