id: h2console-panel info: name: H2 console web panel author: righettod severity: info reference: - https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ - https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console metadata: shodan-query: http.title:"H2 Console" tags: panel,h2,console requests: - method: GET path: - '{{BaseURL}}/h2-console/login.jsp' matchers: - type: dsl dsl: - "status_code==200" - "contains(tolower(body), '