id: unauthenticated-nginx-dashboard

info:
  name: Nginx Dashboard
  author: BibekSapkota (sar00n)
  severity: low
  description: Nginx Dashboard is exposed.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/unrestricted-access-to-nginx-dashboard/
  metadata:
    max-request: 1
    shodan-query: html:"NGINX+ Dashboard"
  tags: misconfig,nginx

http:
  - method: GET
    path:
      - "{{BaseURL}}/dashboard.html"

    max-size: 2048

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Nginx+ Dashboard'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100cd23660f3544a11ad1aac1af80a2f6b1cf02f4f39ae0571905bdbd8434b814d20221009a008f5101c4d4b6afcd27967b815d49efd87ee8bef5702614b8bed3b2b0c1be:922c64590222798bb761d5b6d8e72950