nuclei-templates/http/exposed-panels/glpi-panel.yaml

51 lines
1.4 KiB
YAML

id: glpi-project_glpi
info:
name: GLPI Panel - Detect
author: dogasantos,daffainfo,ricardomaia,dhiyaneshDk
severity: info
description: GLPI panel was detected.
reference:
- https://glpi-project.org/
- https://www.exploit-db.com/ghdb/7002
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
metadata:
max-request: 3
product: glpi
shodan-query: http.title:"GLPI"
vendor: glpi-project
verified: true
tags: glpi,edb,panel,glpi-project
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/CHANGELOG.md"
- "{{BaseURL}}/glpi/"
redirects: true
max-redirects: 2
stop-at-first-match: false
matchers:
- type: word
case-insensitive: true
words:
- "GLPI"
- "glpi-project.org"
condition: and
extractors:
- type: regex
name: version
part: body
group: 1
regex:
- '(?i)base\.min\.js\?v=([\d.|\d]+)">'
- '(?i)jquery\.min\.js\?v=([\d.|\d]+)">'
- '(?i)# GLPI changes\n\n.*\n.*\n.*\n##\s\[(\d+\.\d+|\d+\.\d+\.\d+)\]'
- '(?i)GLPI.*?([\d.|\d]+).copyright'
# digest: 4a0a0047304502206be416122b8840e19ab3a10132caa54464d66e2a19c687368798baa7c22e10cd022100a6ca2094df63df57a3b701d22d37c8eb12dfdf3d2b1be650f7770dad45c36bbc:922c64590222798bb761d5b6d8e72950