clockwork-dashboard-exposure: Clockwork Dashboard Exposure

日期: 2025-08-01 | 影响软件: Clockwork Dashboard | POC: 已公开

漏洞描述

Clockwork Dashboard is exposed.

PoC代码[已公开]

id: clockwork-dashboard-exposure

info:
  name: Clockwork Dashboard Exposure
  author: dhiyaneshDk
  severity: high
  description: Clockwork Dashboard is exposed.
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/clockwork-dashboard-exposure.json
  metadata:
    max-request: 1
  tags: exposure,unauth,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/__clockwork/latest"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"id":'
          - '"version":'
          - '"method":'
          - '"url":'
          - '"time":'
        part: body
        condition: and

      - type: word
        words:
          - "application/json"
        part: header
# digest: 4a0a0047304502201871111b0175a8480d075037cae3b746927fbb76a2759fc880680ae268e34fcb022100b755714d96249052f293ee37521a80c85efda6d270d36fc6ee088dc7eccd2dae:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/clockwork-dashboard-exposure.yaml