deos-openview-panel: DEOS OPENview Admin Panel Unauthenticated Access

日期: 2025-08-01 | 影响软件: deos-openview-panel | POC: 已公开

漏洞描述

The DEOS OPENview administrative panel is accessible without authentication.

PoC代码[已公开]

id: deos-openview-panel

info:
  name: DEOS OPENview Admin Panel Unauthenticated Access
  author: sullo
  severity: high
  description: The DEOS OPENview administrative panel is accessible without authentication.
  reference:
    - https://www.deos-ag.com/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-284
  metadata:
    max-request: 1
  tags: openview,disclosure,panel,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/client/index.html"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '<title>OPENview</title>'
# digest: 4b0a00483046022100d83af0d15d680b14ab62853e1d2e01e122b323f0e08f2d83f9c8db87fb884295022100c8e388282d38327d490e7e9d3f6d573c9da3b32238cfb82b2d606f633f878f64:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/deos-openview-admin.yaml