nuclei-templates/exposed-panels/h2console-panel.yaml

25 lines
600 B
YAML

id: h2console-panel
info:
name: H2 console web panel
author: righettod
severity: info
reference:
- https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
- https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
- https://www.shodan.io/search?query=http.title%3A%22H2+Console%22
tags: panel,h2,console
requests:
- method: GET
path:
- '{{BaseURL}}/h2-console/login.jsp'
matchers:
- type: dsl
dsl:
- "status_code==200"
- "contains(tolower(body), '<title>h2 console</title>')"
condition: and