nuclei-templates/http/exposures/configs/jkstatus-manager.yaml

42 lines
1.3 KiB
YAML

id: jkstatus-manager
info:
name: JK Status Manager - Detect
author: pdteam,DhiyaneshDk
severity: low
description: |
Exposed JKStatus manager which is a web-based tool that allows administrators to monitor and manage the connections between the Apache HTTP Server and the Tomcat application server.
reference:
- https://github.com/PortSwigger/j2ee-scan/blob/master/src/main/java/burp/j2ee/issues/impl/JKStatus.java
metadata:
verified: true
max-request: 8
shodan-query: html:"JK Status Manager"
product: tomcat
vendor: apache
tags: config,jk,status,exposure
classification:
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
http:
- method: GET
headers:
X-Forwarded-For: "127.0.0.1"
path:
- "{{BaseURL}}"
- "{{BaseURL}}/status"
- "{{BaseURL}}/jkstatus"
- "{{BaseURL}}/jkstatus-auth"
- "{{BaseURL}}/jk-status"
- "{{BaseURL}}/jkmanager"
- "{{BaseURL}}/jkmanager-auth"
- "{{BaseURL}}/jdkstatus"
stop-at-first-match: true
matchers:
- type: word
words:
- "JK Status Manager"
# digest: 490a0046304402205bc0be4fe64354ab625e609d9b1de733811c19aee5c839064f3ee13fe5f1a9d702206e4a116fd9cd36ff0920b8589a6fdbb374ed0d8537cfeaf33faf2e63d21f1d3a:922c64590222798bb761d5b6d8e72950