id: tautulli-unauth

info:
  name: Tautulli Panel - Unauthenticated Access
  author: ritikchaddha
  severity: medium
  classification:
    cpe: cpe:2.3:a:tautulli:tautulli:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: tautulli
    product: tautulli
    shodan-query:
      - title:"Tautulli - Home"
      - http.title:"tautulli"
      - http.title:"tautulli - home"
    fofa-query:
      - title="tautulli - home"
      - title="tautulli"
    google-query:
      - intitle:"tautulli"
      - intitle:"tautulli - home"
  tags: panel,misconfig,tautulli,unauth,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/home"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Tautulli - Home'
          - 'Libraries</a>'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220595930c65e0d4c7235998f06e0b27e4abbbf6bf19f31520c0c1e1e32a8ba3eb9022100dfd0d986a36c16e3581ed8fff4f3cf88475b310e14f586f55e705fd8e788d1e8:922c64590222798bb761d5b6d8e72950