nuclei-templates/exposed-panels/h2console-panel.yaml

id: h2console-panel

info:
  name: H2 console web panel
  author: righettod
  severity: info
  reference:
    - https://mp.weixin.qq.com/s/Yn5U8WHGJZbTJsxwUU3UiQ
    - https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console
  metadata:
    shodan-query: http.title:"H2 Console"
  tags: panel,h2,console

requests:
  - method: GET
    path:
      - '{{BaseURL}}/h2-console/login.jsp'

    matchers:

      - type: dsl
        dsl:
          - "status_code==200"
          - "contains(tolower(body), '<title>h2 console</title>')"
        condition: and