dozzle-container-logs: Dozzle - Logs Exposure

Date: 2025-08-01 | Affected software: Dozzle | PoC: public

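Vulnerability description

Dozzle is a small, lightweight application with a web-based interface to monitor Docker logs. It doesn’t store any log files. It is for live monitoring of your container logs only. The check below reports an instance when its page returns HTTP 200 and contains "authorizationNeeded": "false" together with the string Dozzle, that is, when the log viewer is served without authentication.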

PoC code [public]

id: dozzle-container-logs

info:
  name: Dozzle - Logs Exposure
  author: theabhinavgaur
  severity: medium
  description: Dozzle is a small lightweight application with a web based interface to monitor Docker logs. It doesn’t store any log files. It is for live monitoring of your container logs only.
  reference:
    - https://github.com/amir20/dozzle
    - https://dozzle.dev/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"Dozzle"
  tags: exposure,logs,dozzle,docker,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"authorizationNeeded": "false"'
          - 'Dozzle'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402203031c72cac76fa07ad45d1a63d00621c37f034ea88f5c02bfffb4f9d63094c310220473bd7c16fb7d258b5b8e68f3f696d3cee91529035e7d4669725bed7b1063f15:922c64590222798bb761d5b6d8e72950