37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
id: jkstatus-manager
|
|
|
|
info:
|
|
name: JK Status Manager - Detect
|
|
author: pdteam,DhiyaneshDk
|
|
severity: low
|
|
description: |
|
|
Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server.
|
|
reference:
|
|
- https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java
|
|
metadata:
|
|
verified: true
|
|
max-request: 8
|
|
shodan-query: html:"JK Status Manager"
|
|
tags: config,jk,status,exposure
|
|
|
|
http:
|
|
- method: GET
|
|
|
|
headers:
|
|
X-Forwarded-For: "127.0.0.1"
|
|
path:
|
|
- "{{BaseURL}}"
|
|
- "{{BaseURL}}/status"
|
|
- "{{BaseURL}}/jkstatus"
|
|
- "{{BaseURL}}/jkstatus-auth"
|
|
- "{{BaseURL}}/jk-status"
|
|
- "{{BaseURL}}/jkmanager"
|
|
- "{{BaseURL}}/jkmanager-auth"
|
|
- "{{BaseURL}}/jdkstatus"
|
|
|
|
stop-at-first-match: true
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "JK Status Manager"
|
|
# digest: 490a0046304402205bc0be4fe64354ab625e609d9b1de733811c19aee5c839064f3ee13fe5f1a9d702206e4a116fd9cd36ff0920b8589a6fdbb374ed0d8537cfeaf33faf2e63d21f1d3a:922c64590222798bb761d5b6d8e72950 |