36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
id: unigui-server-monitor-exposure
|
|
|
|
info:
|
|
name: UniGUI Server Monitor Panel - Exposure
|
|
author: serrapa
|
|
severity: low
|
|
description: |
|
|
Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
|
|
reference:
|
|
- https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: title:"uniGUI"
|
|
fofa-query: title="uniGUI"
|
|
tags: exposure,unigui,misconfig
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/server"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
|
|
- 'status_code == 200'
|
|
condition: and
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
|
|
- 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
|
|
condition: or
|
|
# digest: 4a0a0047304502205cdaff71796bf1160eda5fa9c192b00f6f5beb2d3ed70c758deb475861cc3fd602210088cf4a36cf7ba5c9fac1619fc8f9e5b00f6f3490fdf6c84e1edde805f06a2164:922c64590222798bb761d5b6d8e72950 |